
Analysis Report Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe

Overview

General Information

Sample Name:Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe
Analysis ID:432981
MD5:87bcefddbb591c34932d5218c1862702
SHA1:37ef53efd5b0b3d4b3bb0b98cbf176e199f7bb6a
SHA256:7809b448cc126b61646fe71a9f8978b2a21c4786d59c6a43067a54ad9f618598

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Generic Patcher
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Drops PE files
Found evaded block containing many API calls
Found large amount of non-executed APIs
PE file contains an invalid checksum
PE file contains strange resources
Uses 32bit PE files
Yara signature match

Classification

Classification chart (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious
  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found
Source | Rule | Description | Author | Strings
Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe | CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen | Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.exe | Florian Roth |
  • 0xf7b1:$s0: <description>Patch</description>
  • 0x804:$s2: \dup2patcher.dll
  • 0x815:$s3: load_patcher

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\dup2patcher.dll | JoeSecurity_GenericPatcher | Yara detected Generic Patcher | Joe Security |

Source | Rule | Description | Author | Strings
00000001.00000002.462637259.0000000000E10000.00000004.00000001.sdmp | JoeSecurity_GenericPatcher | Yara detected Generic Patcher | Joe Security |
Process Memory Space: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe PID: 620 | JoeSecurity_GenericPatcher | Yara detected Generic Patcher | Joe Security |

Source | Rule | Description | Author | Strings
1.2.Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe.737f0000.3.unpack | JoeSecurity_GenericPatcher | Yara detected Generic Patcher | Joe Security |
1.2.Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe.e10000.0.raw.unpack | JoeSecurity_GenericPatcher | Yara detected Generic Patcher | Joe Security |

            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            AV Detection:

            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll, Virustotal: Detection: 53%
            Source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll, ReversingLabs: Detection: 70%
            Multi AV Scanner detection for submitted file
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Virustotal: Detection: 63%
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Metadefender: Detection: 42%
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, ReversingLabs: Detection: 73%
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll, Joe Sandbox ML: detected
            Machine Learning detection for sample
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Joe Sandbox ML: detected
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F6CE0 FindFirstFileA, FindClose
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp, dup2patcher.dll.1.dr, String found in binary or memory: http://diablo2oo2.cjb.net
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F71E0 lstrlenA, OpenClipboard, GlobalAlloc, GlobalLock, lstrcpyA, EmptyClipboard, GlobalUnlock, SetClipboardData, CloseClipboard
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, 00000001.00000002.463861045.000000000152A000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            System Summary:

            Malicious sample detected (through community Yara rule)
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, type: SAMPLE, Matched rule: Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.exe Author: Florian Roth
            PE file has a writeable .text section
            Source: dup2patcher.dll.1.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F9762
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F77A9
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F9FA0
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: dup2patcher.dll.1.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, type: SAMPLE, Matched rule: CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen date = 2015-06-23, author = Florian Roth, description = Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.exe, reference = Disclosed CN Honker Pentest Toolset, license = https://creativecommons.org/licenses/by-nc/4.0/, score = e32f5de730e324fb386f97b6da9ba500cf3a4f8d
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: classification engine, Classification label: mal84.evad.winEXE@1/2@0/0
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_00E7102B EntryPoint, ExitProcess, GetModuleHandleA, FindResourceA, SizeofResource, LoadResource, VirtualAlloc, RtlMoveMemory, GetTempPathA, lstrcatA, LoadLibraryA, GetProcAddress, FreeLibrary, DeleteFileA
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, File created: C:\Users\user\AppData\Local\Temp\dup2patcher.dll
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Virustotal: Detection: 63%
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Metadefender: Detection: 42%
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, ReversingLabs: Detection: 73%
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: dup2patcher.dll.1.dr, Static PE information: real checksum: 0x19917 should be: 0x1d065
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Static PE information: real checksum: 0xecdd should be: 0x12956
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F68D3 rdtsc
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Evaded block: after key decision, graph_1-2758
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Evaded block: after key decision, graph_1-3353
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, API coverage: 9.2 %
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F6CE0 FindFirstFileA, FindClose
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F4616 GetSystemInfo, CreateFileA, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CloseHandle, CloseHandle
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, API call chain: ExitProcess graph end node, graph_1-3397
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F67F8 push dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F67DE push dword ptr fs:[00000030h]

            HIPS / PFW / Operating System Protection Evasion:

            Yara detected Generic Patcher
            Source: Yara match, File source: 00000001.00000002.462637259.0000000000E10000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe PID: 620, type: MEMORY
            Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll, type: DROPPED
            Source: Yara match, File source: 1.2.Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe.737f0000.3.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe.e10000.0.raw.unpack, type: UNPACKEDPE
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, 00000001.00000002.463980969.0000000001BB0000.00000002.00000001.sdmp, Binary or memory string: Program Manager
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, 00000001.00000002.463980969.0000000001BB0000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, 00000001.00000002.463980969.0000000001BB0000.00000002.00000001.sdmp, Binary or memory string: Progman
            Source: Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, 00000001.00000002.463980969.0000000001BB0000.00000002.00000001.sdmp, Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, Code function: 1_2_737F4126 GetVersionExA, GetModuleHandleA, GetProcAddress, GetCommandLineA, ExpandEnvironmentStringsA, ExpandEnvironmentStringsA, SetEnvironmentVariableA, DialogBoxParamA

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Native API 2 | Path Interception | Process Injection 1 | Software Packing 1 | Input Capture 1 | Security Software Discovery 11 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery 3 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
            Behavior Graph ID: 432981, Sample: Sketchup+Pro+2016+Patch+x86..., Startdate: 11/06/2021, Architecture: WINDOWS, Score: 84
            Process Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe started; dropped file: C:\Users\user\AppData\...\dup2patcher.dll, PE32

            Source | Detection | Scanner | Label
            Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe | 64% | Virustotal |
            Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe | 49% | Metadefender |
            Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe | 74% | ReversingLabs | Win32.Hacktool.Generic
            Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe | 100% | Joe Sandbox ML |

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Temp\dup2patcher.dll | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Temp\dup2patcher.dll | 54% | Virustotal |
            C:\Users\user\AppData\Local\Temp\dup2patcher.dll | 70% | ReversingLabs | Win32.Trojan.Generic

            No Antivirus matches
            No contacted domains info

            Name | Source | Malicious | Antivirus Detection | Reputation
            http://diablo2oo2.cjb.net | Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe, 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp, dup2patcher.dll.1.dr | false | | high

            No contacted IP infos

              General Information

              Joe Sandbox Version:32.0.0 Black Diamond
              Analysis ID:432981
              Start date:11.06.2021
              Start time:02:43:21
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 4m 51s
              Hypervisor based Inspection enabled:false
              Report type:full
              Sample file name:Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:29
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal84.evad.winEXE@1/2@0/0
              EGA Information:
              • Successful, ratio: 100%
              HDC Information:
              • Successful, ratio: 45.7% (good quality ratio 45.1%)
              • Quality average: 82.6%
              • Quality standard deviation: 21.3%
              HCA Information:Failed
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Found application associated with file extension: .exe
              Warnings:
              • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
              • Not all processes were analyzed, report is missing behavior information
              No simulations
              No context
              C:\Users\user\AppData\Local\Temp\dup2patcher.dll
              Process:C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe
              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):58880
              Entropy (8bit):6.274686940764988
              Encrypted:false
              SSDEEP:1536:C/Tilc2ldltF9j6RW8H3/1lxC+oU0ODbGI:QTYc2ldltF9jWW8H3/1lxC+oU0ODb
              MD5:51B2C1B0FCE1B6BFECA3BF45139E1FF2
              SHA1:C8B90ED93F086AD2A8EAEFFED77420F2041C5571
              SHA-256:FBAD2A105AF0518B8CE8FE9A050D29C631B8DB474905F884CE54B72CA8FE06B9
              SHA-512:362C4701A75A69A8D3B82DF96EB5A9C593017714C2B43CD44511112FB70B47A7DFCCB1F3569023B744D76BD7F59F734949E861AA1E6C97174558B1AED87248E7
              Malicious:true
              Yara Hits:
              • Rule: JoeSecurity_GenericPatcher, Description: Yara detected Generic Patcher, Source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll, Author: Joe Security
              Antivirus:
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: Virustotal, Detection: 54%
              • Antivirus: ReversingLabs, Detection: 70%
              Reputation:low
              \Device\ConDrv
              Process:C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):43
              Entropy (8bit):2.873975431849053
              Encrypted:false
              SSDEEP:3:NNAb/Xs6Iu9v:fj6Iu9v
              MD5:0DFC49F33913C29D911693F804AA4B7B
              SHA1:4231F9731BA16E024959470640151B69AA58DF6E
              SHA-256:187FEF245C6F38EF8899AF96C28C1F6227AC0F86288B651B0CF938CB09A15A77
              SHA-512:82A090D26D81F44A5B2356BA1EFCA91A9623772F2CB8688A59AF4C4221C3D626B5E63B952377F9ECA49A04E81AB754BF369C42F23CA587DEF0646BAE5C967852
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: .. /help : show help menu..

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386, for MS Windows
              Entropy (8bit):7.8839383962580305
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.96%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe
              File size:65024
              MD5:87bcefddbb591c34932d5218c1862702
              SHA1:37ef53efd5b0b3d4b3bb0b98cbf176e199f7bb6a
              SHA256:7809b448cc126b61646fe71a9f8978b2a21c4786d59c6a43067a54ad9f618598
              SHA512:2dbd479ba191f37d6a243e175c82d5e010e8df52d781eecb571bc303d7e879567105477074bd2e5ed6b0493610b6f88c53cf08bf10a534d1fce218a0b9a668dc
              SSDEEP:768:aie9JsTXL1MJAJCTWuC6216GDXpFqS8uVfo4k9bRU9S48Tt/PZI5UZB3w3iEg5sz:uJsfiSJC6uCisXpFqo1ZS4uBeUZoWtU

              File Icon

              Icon Hash:01e6e6e6dcdc98a3

              General

              Entrypoint:0x40102b
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
              DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Time Stamp:0x50D4CDC2 [Fri Dec 21 20:59:46 2012 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:5
              OS Version Minor:0
              File Version Major:5
              File Version Minor:0
              Subsystem Version Major:5
              Subsystem Version Minor:0
              Import Hash:dc73a9bd8de0fd640549c85ac4089b87
              Instruction
              call 00007F0718C711CCh
              push 00000000h
              call 00007F0718C712CAh
              push ebp
              mov ebp, esp
              add esp, FFFFFBF4h
              push esi
              push edi
              push ebx
              push 00000000h
              call 00007F0718C712C9h
              mov dword ptr [00403030h], eax
              mov dword ptr [ebp-08h], 00000000h
              push 0000000Ah
              push 00403000h
              push 00000000h
              call 00007F0718C712A3h
              or eax, eax
              je 00007F0718C711E3h
              mov dword ptr [ebp-04h], eax
              push dword ptr [ebp-04h]
              push 00000000h
              call 00007F0718C712C2h
              mov dword ptr [ebp-0Ch], eax
              push dword ptr [ebp-04h]
              push 00000000h
              call 00007F0718C712A9h
              or eax, eax
              je 00007F0718C711C5h
              mov dword ptr [ebp-08h], eax
              cmp dword ptr [ebp-08h], 00000000h
              je 00007F0718C711F4h
              push 00000004h
              push 00001000h
              push dword ptr [ebp-0Ch]
              push 00000000h
              call 00007F0718C7129Dh
              mov edi, eax
              push dword ptr [ebp-0Ch]
              push dword ptr [ebp-08h]
              push edi
              call 00007F0718C71283h
              mov dword ptr [ebp-08h], edi
              push DEADBEEFh
              push dword ptr [ebp-0Ch]
              push dword ptr [ebp-08h]
              call 00007F0718C71104h
              cmp dword ptr [ebp-08h], 00000000h
              je 00007F0718C711F6h
              lea eax, dword ptr [ebp-0000040Ch]
              push eax
              push 00000400h
              call 00007F0718C71247h
              push 00403004h
              lea eax, dword ptr [ebp-0000040Ch]
              push eax
              call 00007F0718C7125Ah
              push dword ptr [ebp-0Ch]
              push dword ptr [ebp-08h]
              lea eax, dword ptr [ebp+0000FBF4h]
              Programming Language:
              • [ASM] VS2010 build 30319
              • [IMP] VS2010 build 30319
              • [RES] VS2010 build 30319
              • [LNK] VS2010 build 30319
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2050 | 0x28 | .rdata
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0xf02c | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0x34 | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x48 | .rdata
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x1000 | 0x1f6 | 0x200 | False | 0.70703125 | data | 5.06407990051 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              .rdata | 0x2000 | 0x1d8 | 0x200 | False | 0.55859375 | data | 4.27063873433 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .data | 0x3000 | 0x34 | 0x200 | False | 0.078125 | data | 0.568988040426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
              .rsrc | 0x4000 | 0xf02c | 0xf200 | False | 0.97611053719 | data | 7.97598931266 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0x14000 | 0x52 | 0x200 | False | 0.123046875 | data | 0.736046433021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Name | RVA | Size | Type | Language | Country
              RT_ICON | 0x4138 | 0x568 | GLS_BINARY_LSB_FIRST | |
              RT_RCDATA | 0x46a0 | 0xe600 | data | |
              RT_GROUP_ICON | 0x12ca0 | 0x14 | data | |
              RT_MANIFEST | 0x12cb4 | 0x377 | XML 1.0 document, ASCII text, with CRLF line terminators | |

              DLL | Import
              kernel32.dll | DeleteFileA, ExitProcess, FindResourceA, FreeLibrary, GetModuleHandleA, GetProcAddress, GetTempPathA, LoadLibraryA, LoadResource, RtlMoveMemory, SizeofResource, VirtualAlloc, lstrcatA, CloseHandle, CreateFileA, FlushFileBuffers, WriteFile

              Network Behavior

              No network behavior found

              Code Manipulations

              System Behavior

              Start time:02:44:06
              Start date:11/06/2021
              Path:C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\Sketchup+Pro+2016+Patch+x86.zip%2F32-patch.exe'
              Imagebase:0xe70000
              File size:65024 bytes
              MD5 hash:87BCEFDDBB591C34932D5218C1862702
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_GenericPatcher, Description: Yara detected Generic Patcher, Source: 00000001.00000002.462637259.0000000000E10000.00000004.00000001.sdmp, Author: Joe Security
              Reputation:low

              Disassembly

              Code Analysis

              Execution Coverage:5.3%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:8.6%
              Total number of Nodes:1284
              Total number of Limit Nodes:10

737f4953 LoadStringA 4092->4093 4094 737f4931 LoadStringA 4092->4094 4095 737f496f 4093->4095 4094->4095 4096 737f22c0 5 API calls 4095->4096 4097 737f4975 4096->4097 4098 737f4983 4097->4098 4099 737f40fa 7 API calls 4097->4099 4099->4098 4100 737f2115 4101 737f2120 4100->4101 4102 737f149b 3 API calls 4101->4102 4103 737f2150 4101->4103 4102->4101 3404 737f2dd0 3405 737f2dea GetDlgItem GetDlgItem 3404->3405 3406 737f3298 3404->3406 3551 737f2ad8 LoadCursorA 3405->3551 3408 737f32b6 3406->3408 3409 737f3372 3406->3409 3471 737f329f 3406->3471 3411 737f32c9 3408->3411 3464 737f32bf 3408->3464 3412 737f33af 3409->3412 3413 737f3377 3409->3413 3415 737f32cf 3411->3415 3416 737f3320 3411->3416 3414 737f33c8 GetDlgCtrlID 3412->3414 3427 737f3556 3412->3427 3417 737f3386 TrackPopupMenu 3413->3417 3413->3471 3422 737f33ec 3414->3422 3423 737f33d6 SendMessageA 3414->3423 3425 737f32dc DialogBoxParamA 3415->3425 3415->3471 3420 737f3326 3416->3420 3421 737f3330 3416->3421 3417->3471 3418 737f2e6e lstrcpyA CreateFontIndirectA SendMessageA 3419 737f2eab LoadIconA SendMessageA 3418->3419 3554 737f1460 3419->3554 3428 737f62cd 254 API calls 3420->3428 3429 737f3336 3421->3429 3430 737f3340 3421->3430 3431 737f33f9 GetDlgCtrlID 3422->3431 3489 737f3543 3422->3489 3423->3489 3424 737f1460 3 API calls 3432 737f3604 3424->3432 3433 737f32fb 3425->3433 3425->3471 3439 737f355d 3427->3439 3440 737f3584 3427->3440 3436 737f332b 3428->3436 3615 737f3d1a 3429->3615 3448 737f3353 ShowWindow ShowWindow 3430->3448 3430->3471 3438 737f3419 SetTextColor 3431->3438 3457 737f3407 3431->3457 3441 737f362e 3432->3441 3442 737f3608 3432->3442 3451 737f3308 MessageBoxA 3433->3451 3434 737f2e47 3434->3418 3434->3419 3435 737f2ed9 3456 737f2f68 CheckDlgButton 3435->3456 3462 737f2ef6 SetWindowTextA 3435->3462 3436->3471 3446 737f3446 SetBkColor CreateSolidBrush 3438->3446 3447 737f3430 SetBkMode GetStockObject 3438->3447 3449 737f3566 CreateSolidBrush 3439->3449 3450 737f3573 3439->3450 3443 
737f3589 3440->3443 3444 737f35a0 3440->3444 3635 737f20bd 3441->3635 3442->3441 3630 737f3b6f GetModuleHandleA GetProcAddress 3442->3630 3624 737f3c60 3443->3624 3454 737f35cd 3444->3454 3455 737f35a7 3444->3455 3446->3489 3447->3489 3448->3471 3449->3450 3451->3471 3463 737f35d4 3454->3463 3454->3464 3460 737f35b1 SendMessageA 3455->3460 3455->3471 3560 737f2afb GetDlgItem GetWindowRect GetDlgItem GetWindowRect IntersectRect 3456->3560 3457->3438 3465 737f3464 3457->3465 3460->3471 3558 737f2a53 3462->3558 3470 737f35e1 ShowWindow 3463->3470 3463->3471 3464->3424 3464->3471 3472 737f346a SetTextColor 3465->3472 3473 737f34b5 3465->3473 3470->3471 3479 737f3497 SetBkColor CreateSolidBrush 3472->3479 3480 737f3481 SetBkMode GetStockObject 3472->3480 3474 737f34bb SetTextColor 3473->3474 3475 737f3500 SetTextColor 3473->3475 3481 737f34e5 SetBkColor CreateSolidBrush 3474->3481 3482 737f34d2 SetBkMode GetStockObject 3474->3482 3483 737f352a SetBkColor CreateSolidBrush 3475->3483 3484 737f3517 SetBkMode GetStockObject 3475->3484 3478 737f2f97 3487 737f2fad 3478->3487 3488 737f2fa0 ShowWindow 3478->3488 3479->3489 3480->3489 3481->3489 3482->3489 3483->3489 3484->3489 3486 737f2a53 3490 737f2f16 SetDlgItemTextA 3486->3490 3491 737f1460 3 API calls 3487->3491 3488->3487 3492 737f2a53 3490->3492 3493 737f2fbc 3491->3493 3494 737f2f27 SetDlgItemTextA 3492->3494 3495 737f2fd2 3493->3495 3576 737f2a7d 3493->3576 3497 737f2a53 3494->3497 3496 737f5afe 13 API calls 3495->3496 3500 737f2fd7 3496->3500 3501 737f2f3d SetDlgItemTextA 3497->3501 3503 737f1460 3 API calls 3500->3503 3504 737f2a53 3501->3504 3502 737f2fcb 3582 737f1fe3 GetTempPathA lstrcatA LoadLibraryA 3502->3582 3507 737f2fe6 3503->3507 3505 737f2f4e SetDlgItemTextA 3504->3505 3509 737f2a53 3505->3509 3508 737f3081 GetDlgItem SetWindowLongA 3507->3508 3513 737f305a 3507->3513 3510 737f30cf 3508->3510 3511 737f30b3 GetDlgItem SetWindowLongA 3508->3511 3512 737f2f5f SetDlgItemTextA 3509->3512 3514 737f30d8 
GetDlgItem SetWindowLongA 3510->3514 3515 737f30f4 3510->3515 3511->3510 3512->3456 3587 737f3c34 GetDlgItem SendMessageA 3513->3587 3514->3515 3561 737f16e0 LoadBitmapA 3515->3561 3518 737f3067 3588 737f3c34 GetDlgItem SendMessageA 3518->3588 3520 737f16e0 30 API calls 3523 737f3137 3520->3523 3522 737f3074 3589 737f3c34 GetDlgItem SendMessageA 3522->3589 3524 737f16e0 30 API calls 3523->3524 3526 737f3156 3524->3526 3527 737f1460 3 API calls 3526->3527 3528 737f3165 3527->3528 3529 737f316f 3528->3529 3590 737f2294 3528->3590 3530 737f2ad8 2 API calls 3529->3530 3532 737f317a 6 API calls 3530->3532 3533 737f320f 3532->3533 3534 737f31eb SetClassLongA GetDlgItem SetClassLongA 3532->3534 3535 737f1460 3 API calls 3533->3535 3534->3533 3536 737f3225 3535->3536 3537 737f3229 3536->3537 3538 737f3256 3536->3538 3539 737f3249 3537->3539 3540 737f3230 SetTimer 3537->3540 3541 737f1460 3 API calls 3538->3541 3593 737f2244 CreateThread CloseHandle 3539->3593 3540->3539 3543 737f3265 3541->3543 3545 737f3272 3543->3545 3572 737f3ae0 3543->3572 3544 737f3254 3544->3545 3546 737f6089 17 API calls 3545->3546 3548 737f3277 3546->3548 3594 737f38cc GetDlgItem 3548->3594 3552 737f2aec SetClassLongA 3551->3552 3553 737f2af7 LoadStringA 3551->3553 3552->3553 3553->3434 3557 737f1470 3554->3557 3555 737f149b 3 API calls 3555->3557 3556 737f147d 3556->3435 3557->3555 3557->3556 3559 737f2a6a SetDlgItemTextA 3558->3559 3559->3486 3560->3478 3562 737f189f 3561->3562 3563 737f16fd LoadBitmapA 3561->3563 3562->3520 3564 737f170d 3563->3564 3565 737f1710 LoadBitmapA 3563->3565 3564->3565 3566 737f1723 GetDlgItem 3565->3566 3567 737f1720 3565->3567 3566->3562 3568 737f1739 GetWindowRect GetWindowRect 3566->3568 3567->3566 3648 737f18b0 GetWindowLongA GetWindowLongA 3568->3648 3571 737f178e 11 API calls 3571->3562 3573 737f3aea 3572->3573 3574 737f3af5 3572->3574 3661 737f3af9 GetModuleHandleA GetProcAddress 3573->3661 3574->3545 3577 737f1460 3 API calls 3576->3577 3578 737f2a97 
3577->3578 3579 737f2a9b GetTempPathA lstrcatA 3578->3579 3580 737f2acd 3578->3580 3581 737f6d4c 4 API calls 3579->3581 3580->3495 3580->3502 3581->3580 3583 737f2076 3582->3583 3586 737f2029 3582->3586 3583->3495 3584 737f203a GetProcAddress 3585 737f205a FreeLibrary 3584->3585 3584->3586 3585->3583 3586->3583 3586->3584 3587->3518 3588->3522 3589->3508 3591 737f229f ExtCreateRegion SetWindowRgn 3590->3591 3592 737f22bb 3590->3592 3591->3592 3592->3529 3593->3544 3595 737f38ed ShowWindow 3594->3595 3596 737f327c SetFocus 3594->3596 3597 737f3912 3595->3597 3597->3596 3598 737f3923 GetWindowRect GetWindowRect 3597->3598 3599 737f18b0 12 API calls 3598->3599 3600 737f397a 3599->3600 3601 737f1460 3 API calls 3600->3601 3602 737f3989 3601->3602 3603 737f1460 3 API calls 3602->3603 3604 737f39a2 RtlZeroMemory lstrcpyA 3603->3604 3606 737f1460 3 API calls 3604->3606 3607 737f39f9 3606->3607 3608 737f3a7b CreateFontIndirectA 3607->3608 3610 737f3a1a GetTempPathA lstrcatA lstrcatA 3607->3610 3669 737f1b8b CreateThread CloseHandle 3608->3669 3664 737f3a8f 3610->3664 3613 737f3a6d 3613->3608 3614 737f3a71 lstrcpyA 3614->3608 3616 737f3d9c 3615->3616 3617 737f3d24 SendMessageA 3615->3617 3616->3436 3617->3616 3618 737f3d3d VirtualAlloc 3617->3618 3622 737f3d79 3618->3622 3619 737f3d59 SendMessageA lstrcatA 3619->3622 3620 737f3d85 3670 737f71e0 3620->3670 3622->3619 3622->3620 3625 737f3594 3624->3625 3626 737f3c70 CreateSolidBrush SelectObject RoundRect 3624->3626 3627 737f3ca8 OffsetRect 3626->3627 3628 737f3cb5 GetDlgItemTextA SetBkMode SetTextColor DrawTextA 3626->3628 3627->3628 3628->3625 3629 737f3d00 OffsetRect 3628->3629 3629->3625 3631 737f3b95 GetWindowLongA SetWindowLongA 3630->3631 3632 737f3c16 3630->3632 3633 737f3bc1 3631->3633 3632->3441 3633->3632 3634 737f3bff Sleep UpdateWindow 3633->3634 3634->3633 3636 737f20de DeleteFileA 3635->3636 3637 737f20c8 FreeLibrary 3635->3637 3639 737f3ac2 3636->3639 3637->3636 3640 737f3642 FreeLibrary DeleteFileA 
3639->3640 3641 737f3acb RemoveFontResourceA DeleteFileA 3639->3641 3642 737f61bc GetTempPathA 3640->3642 3641->3640 3643 737f6251 3642->3643 3644 737f365c EndDialog 3643->3644 3645 737f61e0 FreeLibrary 3643->3645 3644->3471 3646 737f2200 lstrcatA 3645->3646 3647 737f61fa lstrcpyA lstrcatA lstrcatA lstrcatA DeleteFileA 3646->3647 3647->3643 3649 737f18d9 3648->3649 3650 737f1901 3648->3650 3649->3650 3653 737f18ed GetSystemMetrics 3649->3653 3654 737f18f8 GetSystemMetrics 3649->3654 3651 737f1909 GetSystemMetrics GetSystemMetrics 3650->3651 3652 737f1920 3650->3652 3655 737f193d 3651->3655 3652->3655 3656 737f1928 GetSystemMetrics GetSystemMetrics 3652->3656 3653->3650 3654->3650 3657 737f195a 3655->3657 3658 737f1945 GetSystemMetrics GetSystemMetrics 3655->3658 3656->3655 3659 737f1772 ShowWindow 3657->3659 3660 737f1962 GetSystemMetrics GetSystemMetrics 3657->3660 3658->3657 3659->3571 3660->3659 3662 737f3b3e 3661->3662 3663 737f3b16 GetWindowLongA SetWindowLongA 3661->3663 3662->3574 3663->3662 3665 737f6d4c 4 API calls 3664->3665 3666 737f3aa0 3665->3666 3667 737f3a65 3666->3667 3668 737f3aa4 lstrcpyA AddFontResourceA 3666->3668 3667->3613 3667->3614 3668->3667 3669->3596 3671 737f3d8c VirtualFree 3670->3671 3672 737f71f2 lstrlenA 3670->3672 3671->3616 3672->3671 3673 737f71fc OpenClipboard 3672->3673 3673->3671 3674 737f720a GlobalAlloc 3673->3674 3675 737f721c GlobalLock 3674->3675 3676 737f7249 CloseClipboard 3674->3676 3675->3676 3677 737f7228 lstrcpyA EmptyClipboard 3675->3677 3676->3671 3677->3676 3678 737f723b GlobalUnlock SetClipboardData 3677->3678 3678->3676 4104 737f3690 4105 737f3757 4104->4105 4106 737f36a4 GetWindowLongA 4104->4106 4109 737f375e 4105->4109 4110 737f3786 4105->4110 4113 737f383c 4105->4113 4107 737f36cc 4106->4107 4108 737f36b8 SetWindowPos 4106->4108 4111 737f36d9 SetDlgItemTextA 4107->4111 4108->4107 4112 737f38a8 EndDialog 4109->4112 4135 737f3752 4109->4135 4114 737f3793 GetDlgCtrlID 4110->4114 4128 737f3829 4110->4128 4117 
737f3709 4111->4117 4130 737f36ed 4111->4130 4112->4135 4115 737f3867 4113->4115 4116 737f3843 4113->4116 4118 737f37e6 SetTextColor 4114->4118 4119 737f37a1 SetTextColor 4114->4119 4123 737f386c 4115->4123 4124 737f3880 4115->4124 4122 737f384c CreateSolidBrush 4116->4122 4129 737f3859 4116->4129 4125 737f16e0 30 API calls 4117->4125 4120 737f37fd SetBkMode GetStockObject 4118->4120 4121 737f3810 SetBkColor CreateSolidBrush 4118->4121 4126 737f37cb SetBkColor CreateSolidBrush 4119->4126 4127 737f37b8 SetBkMode GetStockObject 4119->4127 4120->4128 4121->4128 4122->4129 4131 737f3c60 9 API calls 4123->4131 4124->4109 4133 737f3887 4124->4133 4132 737f3728 4125->4132 4126->4128 4127->4128 4130->4117 4143 737f3c34 GetDlgItem SendMessageA 4130->4143 4137 737f3877 4131->4137 4138 737f1460 3 API calls 4132->4138 4134 737f388d SendMessageA 4133->4134 4133->4135 4134->4135 4139 737f3737 4138->4139 4140 737f3744 4139->4140 4141 737f3ae0 4 API calls 4139->4141 4142 737f7260 5 API calls 4140->4142 4141->4140 4142->4135 4143->4117 3721 737f60cf 3722 737f60d4 3721->3722 3723 737f61ab SetCurrentDirectoryA 3722->3723 3724 737f2200 lstrcatA 3722->3724 3725 737f149b 3 API calls 3722->3725 3728 737f6d4c 4 API calls 3722->3728 3729 737f6162 LoadLibraryA 3722->3729 3726 737f60ef lstrcpyA lstrcatA lstrcatA lstrcatA 3724->3726 3725->3722 3727 737f149b 3 API calls 3726->3727 3727->3722 3728->3722 3729->3722 2734 737f424c 2735 737f4262 2734->2735 2760 737f7040 lstrlenA 2735->2760 2738 737f7040 2 API calls 2739 737f4281 2738->2739 2740 737f7040 2 API calls 2739->2740 2741 737f4293 2740->2741 2742 737f7040 2 API calls 2741->2742 2743 737f42a8 2742->2743 2744 737f42ac ExpandEnvironmentStringsA 2743->2744 2745 737f42c5 2743->2745 2744->2745 2764 737f70b0 2745->2764 2747 737f42cd 2748 737f7040 2 API calls 2747->2748 2749 737f42dd 2748->2749 2750 737f4304 2749->2750 2751 737f42e1 ExpandEnvironmentStringsA SetEnvironmentVariableA 2749->2751 2752 737f430d DialogBoxParamA 2750->2752 2753 737f4325 
2750->2753 2751->2750 2754 737f4334 2752->2754 2769 737f5afe 2753->2769 2758 737f432f 2758->2754 2787 737f62cd 2758->2787 2761 737f705b 2760->2761 2763 737f426f 2760->2763 2762 737f7064 CompareStringA 2761->2762 2761->2763 2762->2761 2762->2763 2763->2738 2765 737f70f0 2764->2765 2766 737f70c0 GetModuleHandleA GetModuleFileNameA lstrlenA 2764->2766 2768 737f70f3 SetCurrentDirectoryA 2765->2768 2767 737f70e4 2766->2767 2767->2768 2768->2747 2819 737f149b 2769->2819 2772 737f432a 2777 737f6089 GetTempPathA GetCurrentDirectoryA SetCurrentDirectoryA 2772->2777 2773 737f5b17 GetTempPathA lstrcatA 2823 737f6d4c CreateFileA 2773->2823 2775 737f5b48 LoadLibraryA 2775->2772 2776 737f5b56 GetProcAddress GetProcAddress GetProcAddress 2775->2776 2776->2772 2778 737f60d4 2777->2778 2779 737f149b 3 API calls 2778->2779 2780 737f61ab SetCurrentDirectoryA 2778->2780 2784 737f60dd 2778->2784 2779->2778 2780->2758 2783 737f149b 3 API calls 2783->2784 2784->2778 2785 737f6d4c 4 API calls 2784->2785 2786 737f6162 LoadLibraryA 2784->2786 2826 737f2200 2784->2826 2785->2784 2786->2778 2786->2784 2788 737f62df ShowWindow ShowWindow 2787->2788 2789 737f62f9 SendMessageA LoadStringA 2787->2789 2788->2789 2830 737f22c0 2789->2830 2792 737f22c0 5 API calls 2813 737f6338 2792->2813 2793 737f149b 3 API calls 2793->2813 2794 737f6520 LoadStringA 2795 737f22c0 5 API calls 2794->2795 2796 737f6541 2795->2796 3116 737f6577 LoadBitmapA 2796->3116 2804 737f64ab LoadStringA 2806 737f22c0 5 API calls 2804->2806 2806->2813 2807 737f64de LoadStringA 2808 737f22c0 5 API calls 2807->2808 2808->2813 2810 737f63b9 LoadStringA 2812 737f22c0 5 API calls 2810->2812 2811 737f22c0 SendMessageA SendMessageA SendMessageA GetStdHandle WriteFile 2811->2813 2812->2813 2813->2793 2813->2794 2813->2804 2813->2807 2813->2810 2813->2811 2816 737f6435 2813->2816 2837 737f4338 2813->2837 2881 737f4791 2813->2881 2914 737f5b9c 2813->2914 2989 737f5516 LoadStringA 2813->2989 3009 737f498e LoadStringA 2813->3009 3051 737f4ee6 
LoadStringA 2813->3051 3092 737f5266 LoadStringA 2813->3092 3108 737f14e6 2813->3108 3112 737f625c 2813->3112 2817 737f22c0 5 API calls 2816->2817 2818 737f643f 2817->2818 2818->2794 2820 737f14a9 FindResourceA 2819->2820 2821 737f14bc SizeofResource LoadResource 2820->2821 2822 737f14ba 2820->2822 2821->2822 2822->2772 2822->2773 2824 737f6d77 WriteFile FlushFileBuffers CloseHandle 2823->2824 2825 737f6d71 2823->2825 2824->2775 2825->2775 2827 737f2214 2826->2827 2828 737f223a lstrcpyA lstrcatA lstrcatA lstrcatA 2827->2828 2829 737f2223 lstrcatA 2827->2829 2828->2783 2829->2827 2831 737f22ce SendMessageA SendMessageA SendMessageA 2830->2831 2832 737f22fc 2830->2832 2831->2832 3119 737f6d14 GetStdHandle 2832->3119 2834 737f2306 2835 737f6d14 2 API calls 2834->2835 2836 737f230e 2835->2836 2836->2792 2838 737f435d LoadStringA 2837->2838 2839 737f4358 2837->2839 2840 737f22c0 5 API calls 2838->2840 3124 737f40cf GetModuleHandleA GetProcAddress 2839->3124 2842 737f437e 2840->2842 3128 737f2463 ExpandEnvironmentStringsA ExpandEnvironmentStringsA 2842->3128 2845 737f43fe LoadStringA 2851 737f22c0 5 API calls 2845->2851 2846 737f43a7 2849 737f43af LoadStringA 2846->2849 2850 737f43db LoadStringA 2846->2850 2847 737f45a2 LoadStringA 2852 737f45ec 2847->2852 2848 737f45d0 LoadStringA 2848->2852 2853 737f22c0 5 API calls 2849->2853 2854 737f22c0 5 API calls 2850->2854 2855 737f43fc 2851->2855 2858 737f22c0 5 API calls 2852->2858 2878 737f4397 2853->2878 2854->2855 2856 737f448a LoadStringA 2855->2856 2857 737f4425 2855->2857 2860 737f22c0 5 API calls 2856->2860 2863 737f443b LoadStringA 2857->2863 2864 737f4467 LoadStringA 2857->2864 2859 737f45f2 2858->2859 3187 737f28d8 2859->3187 2862 737f4488 2860->2862 2866 737f44b4 2862->2866 2873 737f4532 2862->2873 2867 737f22c0 5 API calls 2863->2867 2868 737f22c0 5 API calls 2864->2868 3176 737f65ae 2866->3176 2867->2878 2868->2862 2869 737f460b 2869->2813 2872 737f44d1 2874 737f4508 LoadStringA 2872->2874 2875 737f44d5 
LoadStringA 2872->2875 2873->2878 2879 737f4568 LoadStringA 2873->2879 2877 737f22c0 5 API calls 2874->2877 2876 737f22c0 5 API calls 2875->2876 2876->2878 2877->2878 2878->2847 2878->2848 2880 737f22c0 5 API calls 2879->2880 2880->2878 2882 737f47b6 LoadStringA 2881->2882 2883 737f47b1 2881->2883 2885 737f22c0 5 API calls 2882->2885 2884 737f40cf 7 API calls 2883->2884 2884->2882 2886 737f47d7 2885->2886 2887 737f2463 51 API calls 2886->2887 2888 737f47ec 2887->2888 2889 737f481c 2888->2889 2890 737f47f0 2888->2890 2891 737f4829 2889->2891 2900 737f48aa 2889->2900 2892 737f28d8 22 API calls 2890->2892 2893 737f65ae 9 API calls 2891->2893 2894 737f47fb 2892->2894 2895 737f4846 2893->2895 3238 737f4616 GetSystemInfo CreateFileA 2894->3238 2897 737f487d LoadStringA 2895->2897 2898 737f484a LoadStringA 2895->2898 2902 737f22c0 5 API calls 2897->2902 2901 737f22c0 5 API calls 2898->2901 2899 737f4803 2906 737f4953 LoadStringA 2899->2906 2907 737f4931 LoadStringA 2899->2907 2903 737f48e9 LoadStringA 2900->2903 2905 737f486b 2900->2905 2901->2905 2902->2905 2904 737f22c0 5 API calls 2903->2904 2904->2900 2908 737f28d8 22 API calls 2905->2908 2909 737f496f 2906->2909 2907->2909 2908->2899 2910 737f22c0 5 API calls 2909->2910 2911 737f4975 2910->2911 2912 737f4983 2911->2912 2913 737f40fa 7 API calls 2911->2913 2912->2813 2913->2912 2915 737f5bbb 2914->2915 2916 737f5bc0 ExpandEnvironmentStringsA ExpandEnvironmentStringsA 2914->2916 2917 737f40cf 7 API calls 2915->2917 2918 737f5bf8 2916->2918 2917->2916 2919 737f5c1b 2918->2919 2923 737f6ea0 lstrlenA 2918->2923 2920 737f5c27 GetModuleFileNameA 2919->2920 2921 737f5c76 LoadStringA 2919->2921 2924 737f5c46 2920->2924 2922 737f22c0 5 API calls 2921->2922 2925 737f5c97 2922->2925 2926 737f5c07 lstrcpyA 2923->2926 2928 737f5c5c lstrcatA lstrcpyA 2924->2928 2929 737f5c4b lstrcatA 2924->2929 2927 737f22c0 5 API calls 2925->2927 2926->2919 2930 737f5c9d 2927->2930 2928->2921 2929->2928 2931 737f5cf8 GetFileAttributesA 2930->2931 
2932 737f5cec 2930->2932 2933 737f5cb4 lstrcpyA 2930->2933 2934 737f5d0b 2931->2934 2935 737f5d9b 2931->2935 2932->2931 2937 737f5dbe 2932->2937 2936 737f5ccd 2933->2936 2938 737f5d14 2934->2938 2941 737f5d1f LoadStringA MessageBoxA 2934->2941 2942 737f5d4b 2934->2942 2939 737f5df4 2935->2939 2940 737f5dcf lstrcpyA 2935->2940 2945 737f6ea0 lstrlenA 2936->2945 2944 737f603c SetEnvironmentVariableA lstrcpyA 2937->2944 2949 737f2368 10 API calls 2937->2949 2948 737f2313 5 API calls 2938->2948 2943 737f6d4c 4 API calls 2939->2943 2946 737f5de8 2940->2946 2941->2942 2942->2938 2952 737f5d9d LoadStringA 2942->2952 2947 737f5e04 2943->2947 2951 737f226a 2944->2951 2950 737f5cd3 2945->2950 3250 737f7170 2946->3250 2953 737f5e3d 2947->2953 2954 737f5e08 GetFileAttributesA 2947->2954 2955 737f5d6f SetFileAttributesA LoadStringA 2948->2955 2949->2944 3248 737f7100 lstrcpyA GetSaveFileNameA 2950->3248 2957 737f6060 SetEnvironmentVariableA 2951->2957 2958 737f22c0 5 API calls 2952->2958 2959 737f5e44 SetFileAttributesA 2953->2959 2960 737f5e71 2953->2960 2954->2937 2962 737f5e17 LoadStringA 2954->2962 2963 737f22c0 5 API calls 2955->2963 2964 737f607f 2957->2964 2965 737f607a 2957->2965 2958->2937 2959->2960 2967 737f5e50 LoadStringA 2959->2967 2968 737f5e7e LoadStringA 2960->2968 2969 737f6006 LoadStringA 2960->2969 2970 737f22c0 5 API calls 2962->2970 2963->2935 2964->2813 2966 737f40fa 7 API calls 2965->2966 2966->2964 2971 737f22c0 5 API calls 2967->2971 2972 737f22c0 5 API calls 2968->2972 2973 737f22c0 5 API calls 2969->2973 2970->2937 2971->2960 2974 737f5e9f 2972->2974 2973->2937 2975 737f5eca 2974->2975 2976 737f5ea5 lstrcpyA 2974->2976 2978 737f5ed6 ExpandEnvironmentStringsA 2975->2978 2980 737f5ed2 2975->2980 2977 737f226a 2976->2977 2979 737f5ebe SetCurrentDirectoryA 2977->2979 2978->2980 2979->2975 2981 737f5efb RtlZeroMemory RtlZeroMemory lstrcpyA 2980->2981 2982 737f5fc4 ShellExecuteA 2980->2982 2984 737f5f2e GetCurrentDirectoryA lstrcatA lstrcatA 2981->2984 2985 
737f5f63 lstrcatA lstrcatA lstrcatA CreateProcessA WaitForSingleObject 2981->2985 2983 737f5fd6 2982->2983 2983->2969 2986 737f5fdf LoadStringA 2983->2986 2984->2985 2985->2983 2987 737f22c0 5 API calls 2986->2987 2988 737f6000 DeleteFileA 2987->2988 2988->2969 2990 737f22c0 5 API calls 2989->2990 2991 737f5547 GetTempPathA lstrcatA 2990->2991 2992 737f557a VirtualAlloc 2991->2992 2993 737f5575 2991->2993 3255 737f57a2 2992->3255 2994 737f40cf 7 API calls 2993->2994 2994->2992 2996 737f55ac 2997 737f55f5 2996->2997 2998 737f55bb VirtualAlloc 2996->2998 3000 737f6d4c 4 API calls 2997->3000 3262 737f56f6 VirtualAlloc ExpandEnvironmentStringsA 2998->3262 3001 737f5609 3000->3001 3002 737f569c VirtualFree 3001->3002 3003 737f5611 6 API calls 3001->3003 3004 737f56bb VirtualFree 3002->3004 3005 737f56d1 DeleteFileA 3002->3005 3003->3002 3004->3005 3006 737f56eb 3005->3006 3007 737f56e6 3005->3007 3006->2813 3008 737f40fa 7 API calls 3007->3008 3008->3006 3010 737f22c0 5 API calls 3009->3010 3011 737f49c9 3010->3011 3012 737f49e3 3011->3012 3013 737f40cf 7 API calls 3011->3013 3014 737f2463 51 API calls 3012->3014 3013->3012 3015 737f49f4 3014->3015 3016 737f49f8 3015->3016 3019 737f4a1b VirtualAlloc VirtualAlloc 3015->3019 3017 737f4ea5 LoadStringA 3016->3017 3018 737f4e83 LoadStringA 3016->3018 3022 737f4ec1 3017->3022 3018->3022 3020 737f4a55 WideCharToMultiByte LoadStringA 3019->3020 3021 737f4aa2 RtlMoveMemory 3019->3021 3023 737f22c0 5 API calls 3020->3023 3048 737f4a99 3021->3048 3024 737f22c0 5 API calls 3022->3024 3023->3048 3025 737f4ec7 3024->3025 3027 737f4edb 3025->3027 3029 737f40fa 7 API calls 3025->3029 3026 737f4d74 3028 737f28d8 22 API calls 3026->3028 3027->2813 3030 737f4d7e SetFileAttributesA 3028->3030 3029->3027 3034 737f4d9e MultiByteToWideChar lstrlenW 3030->3034 3038 737f4ddf 3030->3038 3031 737f4af3 RtlZeroMemory 3033 737f4b11 ExpandEnvironmentStringsA 3031->3033 3031->3048 3033->3048 3034->3038 3035 737f4b41 ExpandEnvironmentStringsA 
3035->3048 3039 737f6d4c 4 API calls 3038->3039 3040 737f4dff 3039->3040 3041 737f4e03 3040->3041 3042 737f4e5d VirtualFree VirtualFree 3040->3042 3043 737f4e12 CreateFileA 3040->3043 3041->3042 3042->3016 3043->3042 3045 737f4e38 SetFileTime CloseHandle 3043->3045 3045->3042 3046 737f4c31 DialogBoxParamA 3046->3048 3047 737f4c9c RtlMoveMemory 3047->3048 3048->3026 3048->3031 3048->3035 3048->3046 3048->3047 3049 737f4cb9 RtlMoveMemory RtlMoveMemory 3048->3049 3050 737f4ce3 RtlMoveMemory RtlMoveMemory 3048->3050 3268 737f3e20 3048->3268 3274 737f3da0 RtlZeroMemory 3048->3274 3049->3048 3050->3048 3052 737f22c0 5 API calls 3051->3052 3054 737f4f10 3052->3054 3053 737f4f4b 3056 737f2463 51 API calls 3053->3056 3054->3053 3055 737f40cf 7 API calls 3054->3055 3055->3053 3057 737f4f5b 3056->3057 3058 737f4f98 3057->3058 3059 737f4f77 LoadStringA 3057->3059 3087 737f4f5f 3057->3087 3063 737f4fd5 LoadStringA 3058->3063 3064 737f4fb2 LoadStringA 3058->3064 3070 737f4fd3 3058->3070 3060 737f22c0 5 API calls 3059->3060 3060->3058 3065 737f22c0 5 API calls 3063->3065 3067 737f22c0 5 API calls 3064->3067 3065->3070 3066 737f51cc CreateFileA 3068 737f51ed LoadStringA 3066->3068 3069 737f5217 LoadStringA 3066->3069 3067->3070 3073 737f22c0 5 API calls 3068->3073 3074 737f22c0 5 API calls 3069->3074 3075 737f5045 LoadStringA 3070->3075 3076 737f5022 LoadStringA 3070->3076 3088 737f5043 3070->3088 3071 737f524f 3071->2813 3072 737f520e 3072->3071 3077 737f40fa 7 API calls 3072->3077 3073->3072 3079 737f5238 CloseHandle 3074->3079 3081 737f22c0 5 API calls 3075->3081 3080 737f22c0 5 API calls 3076->3080 3077->3071 3078 737f50ec 3082 737f519a LoadStringA 3078->3082 3083 737f5170 LoadStringA 3078->3083 3078->3087 3079->3072 3080->3088 3081->3088 3085 737f22c0 5 API calls 3082->3085 3084 737f22c0 5 API calls 3083->3084 3084->3087 3085->3087 3086 737f50ee LoadStringA 3089 737f22c0 5 API calls 3086->3089 3276 737f29c2 3087->3276 3088->3078 3088->3086 3090 737f50cb LoadStringA 3088->3090 
3089->3078 3091 737f22c0 5 API calls 3090->3091 3091->3078 3093 737f22c0 5 API calls 3092->3093 3094 737f5293 lstrcpyA lstrcatA lstrcatA 3093->3094 3095 737f22c0 5 API calls 3094->3095 3096 737f52ce lstrcpyA 3095->3096 3097 737f52d9 3096->3097 3098 737f5312 3097->3098 3099 737f53b3 3097->3099 3105 737f5342 3097->3105 3279 737f6fa0 3098->3279 3099->3105 3285 737f6f00 3099->3285 3103 737f543e 3103->3105 3107 737f3e20 6 API calls 3103->3107 3104 737f5413 3106 737f3e20 6 API calls 3104->3106 3105->2813 3106->3105 3107->3105 3109 737f14fe 3108->3109 3110 737f153a 3109->3110 3291 737f1545 lstrcpyA 3109->3291 3110->2813 3114 737f6276 3112->3114 3113 737f6298 GetProcAddress 3115 737f62a9 3113->3115 3114->3113 3115->2813 3117 737f658f GetWindowLongA SendMessageA 3116->3117 3118 737f654c GetDlgItem EnableWindow RedrawWindow 3116->3118 3117->3118 3118->2754 3122 737f6db0 3119->3122 3123 737f6d2c WriteFile 3122->3123 3123->2834 3125 737f40f9 3124->3125 3126 737f40e8 3124->3126 3125->2838 3127 737f22c0 5 API calls 3126->3127 3127->3125 3129 737f24af 3128->3129 3130 737f24d0 3129->3130 3207 737f6ea0 lstrlenA 3129->3207 3131 737f2546 LoadStringA 3130->3131 3134 737f2505 lstrcpyA 3130->3134 3135 737f24e4 GetModuleFileNameA 3130->3135 3132 737f22c0 5 API calls 3131->3132 3136 737f2567 3132->3136 3138 737f2503 3134->3138 3135->3138 3141 737f22c0 5 API calls 3136->3141 3139 737f252c lstrcatA lstrcpyA 3138->3139 3140 737f251b lstrcatA 3138->3140 3139->3131 3140->3139 3142 737f2571 GetFileAttributesA 3141->3142 3174 737f2585 3142->3174 3143 737f25c2 CreateFileA 3143->3174 3144 737f25e0 CreateFileA 3144->3174 3145 737f2597 SetFileAttributesA 3148 737f22c0 5 API calls 3145->3148 3146 737f277c GetFileTime GetFileSize 3150 737f27b6 3146->3150 3147 737f2605 GetFileAttributesA 3147->3174 3148->3174 3153 737f27ed CreateFileMappingA 3150->3153 3154 737f2804 CreateFileMappingA 3150->3154 3151 737f26ea 3155 737f28cd 3151->3155 3158 737f22c0 5 API calls 3151->3158 3152 737f273f LoadStringA 

              Executed Functions

              Control-flow Graph

              C-Code - Quality: 97%
              			E737F4126(void* __ecx, void* __edx) {
              				CHAR* _t4;
              				CHAR* _t14;
              				int _t20;
              				void* _t44;
              				void* _t45;
              
              				_t45 = __edx;
              				_t44 = __ecx;
              				0x73802199->dwOSVersionInfoSize = 0x94;
              				GetVersionExA(0x73802199);
              				_t4 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "AttachConsole");
              				if(_t4 != 0) {
              					_push(0xffffffff); // executed
              					_t4 = GetCommandLineA(); // executed
              				}
              				L737F6B0A();
              				_t46 = _t4;
              				E737F6D14("\r\n"); // executed
              				if(E737F7040(_t4, "help", 0) == 0) {
              					E737F6D14(" /help                 : show help menu"); // executed
              					E737F6D14("\r\n"); // executed
              					 *0x737fe95c = E737F7040(_t46, "silent", 0);
              					 *0x737fe95d = E737F7040(_t46, "backup", 0);
              					 *0x737fe95e = E737F7040(_t46, "overwrite", 0);
              					if(E737F7040(_t46, "startupworkdir", 0x737fd911) != 1) {
              						_t14 = 0;
              					} else {
              						_t46 = 0x737fe95f;
              						ExpandEnvironmentStringsA(0x737fd911, 0x737fe95f, 0x400);
              						_t14 = 0x737fe95f;
              					}
              					E737F70B0(_t14);
              					if(E737F7040(_t46, "setvar", 0x737fd911) == 1) {
              						ExpandEnvironmentStringsA(0x737fd911, 0x737fed5f, 0x400);
              						SetEnvironmentVariableA("dup2_cmd_var", 0x737fed5f);
              					}
              					if( *0x737fe95c != 0) {
              						E737F5AFE();
              						E737F6089();
              						return E737F62CD(_t44, _t45);
              					}
              					_t20 = DialogBoxParamA( *0x737fd8a2, 1, 0, E737F2DD0, 0); // executed
              					return _t20;
              				}
              				E737F6D14("--------------------------------------------------------------------");
              				E737F6D14("\r\n");
              				E737F6D14(" diablo2oo2\'s universal patcher - console help");
              				E737F6D14("\r\n");
              				E737F6D14("\r\n");
              				E737F6D14(" /help                 : this help menu");
              				E737F6D14("\r\n");
              				E737F6D14(" /silent               : no window gui, no input");
              				E737F6D14("\r\n");
              				E737F6D14(" /overwrite            : overwrite existing files");
              				E737F6D14("\r\n");
              				E737F6D14("                         during file attachment export");
              				E737F6D14("\r\n");
              				E737F6D14(" /backup               : make backup of every file which is patched");
              				E737F6D14("\r\n");
              				E737F6D14(" /startupworkdir <dir> : set working directory for the patcher");
              				E737F6D14("\r\n");
              				E737F6D14(" /setvar <content>     : set content of %dup2_cmd_var%");
              				E737F6D14("\r\n");
              				return E737F6D14("\r\n");
              			}









              APIs
              • GetVersionExA.KERNEL32(73802199,?,?,?,737F210E), ref: 737F4138
              • GetModuleHandleA.KERNEL32(kernel32.dll,73802199,?,?,?,737F210E), ref: 737F4142
              • GetProcAddress.KERNEL32(00000000,AttachConsole), ref: 737F414D
              • GetCommandLineA.KERNEL32(000000FF,00000000,AttachConsole,kernel32.dll,73802199,?,?,?,737F210E), ref: 737F4158
              Strings
              • /help : show help menu, xrefs: 737F424E
              • /overwrite : overwrite existing files, xrefs: 737F41DA
              • overwrite, xrefs: 737F4288
              • dup2_cmd_var, xrefs: 737F42FA
              • backup, xrefs: 737F4276
              • /backup : make backup of every file which is patched, xrefs: 737F4202
              • during file attachment export, xrefs: 737F41EE
              • /help : this help menu, xrefs: 737F41B2
              • kernel32.dll, xrefs: 737F413D
              • silent, xrefs: 737F4264
              • startupworkdir, xrefs: 737F429D
              • --------------------------------------------------------------------, xrefs: 737F4180
              • help, xrefs: 737F416D
              • /startupworkdir <dir> : set working directory for the patcher, xrefs: 737F4216
              • /silent : no window gui, no input, xrefs: 737F41C6
              • /setvar <content> : set content of %dup2_cmd_var%, xrefs: 737F422A
              • AttachConsole, xrefs: 737F4147
              • setvar, xrefs: 737F42D2
              • diablo2oo2's universal patcher - console help, xrefs: 737F4194
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: AddressCommandHandleLineModuleProcVersion
              • String ID: during file attachment export$ /backup : make backup of every file which is patched$ /help : show help menu$ /help : this help menu$ /overwrite : overwrite existing files$ /setvar <content> : set content of %dup2_cmd_var%$ /silent : no window gui, no input$ /startupworkdir <dir> : set working directory for the patcher$ diablo2oo2's universal patcher - console help$--------------------------------------------------------------------$AttachConsole$backup$dup2_cmd_var$help$kernel32.dll$overwrite$setvar$silent$startupworkdir
              • API String ID: 919412983-4279514999
              • Opcode ID: 4d9566101889f015e6ee8bae3cd3b0a6bb2d6dc5030d392ed35aadc0d7060acd
              • Instruction ID: 78cd2518aad021160de5d6efaf42fc72134410d32c524d60a1526fc64ae3f86a
              • Opcode Fuzzy Hash: 4d9566101889f015e6ee8bae3cd3b0a6bb2d6dc5030d392ed35aadc0d7060acd
              • Instruction Fuzzy Hash: FB312DA23057633BF91137B89E89F6D5615BF411A8F208250BDB43F38BCA8451039EBB
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 472 e7102b call e71037 474 e71030-e71032 ExitProcess 472->474
              C-Code - Quality: 92%
              			_entry_() {
              				struct HRSRC__* _v8;
              				void* _v12;
              				long _v16;
              				char _v1040;
              				struct HRSRC__* _t24;
              				int _t26;
              				int _t27;
              				intOrPtr* _t29;
              				void* _t39;
              				void* _t43;
              				struct HINSTANCE__* _t46;
              				void* _t49;
              
              				L1(); // executed
              				ExitProcess(0);
              				 *0xe73030 = GetModuleHandleA(0);
              				_v12 = 0;
              				_t24 = FindResourceA(0, 0xe73000, 0xa);
              				if(_t24 != 0) {
              					_v8 = _t24;
              					_v16 = SizeofResource(0, _v8);
              					_t43 = LoadResource(0, _v8);
              					if(_t43 != 0) {
              						_v12 = _t43;
              					}
              				}
              				if(_v12 != 0) {
              					_t39 = VirtualAlloc(0, _v16, 0x1000, 4); // executed
              					_t49 = _t39;
              					RtlMoveMemory(_t49, _v12, _v16);
              					_v12 = _t49;
              					E00E71000(_t39, _v12, _v16, 0xdeadbeef);
              				}
              				if(_v12 != 0) {
              					GetTempPathA(0x400,  &_v1040);
              					lstrcatA( &_v1040, 0xe73004);
              					E00E71184( &_v1040, _v12, _v16); // executed
              				}
              				_t26 = LoadLibraryA( &_v1040); // executed
              				_t27 = _t26;
              				if(_t27 != 0) {
              					_t46 = _t27;
              					_t29 = GetProcAddress(_t46, 0xe73015);
              					if(_t29 != 0) {
              						 *_t29();
              					}
              					FreeLibrary(_t46);
              					_t27 = DeleteFileA( &_v1040);
              				}
              				return _t27;
              			}
















              APIs
                • Part of subcall function 00E71037: GetModuleHandleA.KERNEL32(00000000,?,?,?,?,00E71030), ref: 00E71045
                • Part of subcall function 00E71037: FindResourceA.KERNEL32(00000000,00E73000,0000000A), ref: 00E7105F
                • Part of subcall function 00E71037: SizeofResource.KERNEL32(00000000,?,00000000,?,?,?,?,00E71030), ref: 00E71070
                • Part of subcall function 00E71037: LoadResource.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,00E71030), ref: 00E7107D
                • Part of subcall function 00E71037: VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,00000000,?,?,?,?,00E71030), ref: 00E7109B
                • Part of subcall function 00E71037: RtlMoveMemory.KERNEL32(00000000,00000000,?,00000000,?,00001000,00000004,00000000,?,?,?,?,00E71030), ref: 00E710A9
                • Part of subcall function 00E71037: GetTempPathA.KERNEL32(00000400,?,00000000,?,?,?,?,00E71030), ref: 00E710D3
                • Part of subcall function 00E71037: lstrcatA.KERNEL32(?,00E73004,00000400,?,00000000,?,?,?,?,00E71030), ref: 00E710E4
                • Part of subcall function 00E71037: LoadLibraryA.KERNEL32(?,00000000,?,?,?,?,00E71030), ref: 00E71102
                • Part of subcall function 00E71037: GetProcAddress.KERNEL32(00000000,00E73015), ref: 00E71113
                • Part of subcall function 00E71037: FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,?,00E71030), ref: 00E7111F
                • Part of subcall function 00E71037: DeleteFileA.KERNEL32(?,00000000,?,00000000,?,?,?,?,00E71030), ref: 00E7112B
              • ExitProcess.KERNEL32(00000000), ref: 00E71032
              Memory Dump Source
              • Source File: 00000001.00000002.462850559.0000000000E71000.00000020.00020000.sdmp, Offset: 00E70000, based on PE: true
              • Associated: 00000001.00000002.462825351.0000000000E70000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.462869955.0000000000E72000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.462883821.0000000000E74000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_e70000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Resource$LibraryLoad$AddressAllocDeleteExitFileFindFreeHandleMemoryModuleMovePathProcProcessSizeofTempVirtuallstrcat
              • String ID:
              • API String ID: 1211033256-0
              • Opcode ID: b81c3412d226e63c2f3ac0eb5a64958b4aeb3840df01e4fa6d7b9ea7c3c4251e
              • Instruction ID: 9c701ec7aaf7636094d1a640b92ab2e76646ea87698227d9d777a4df228f9bb5
              • Opcode Fuzzy Hash: b81c3412d226e63c2f3ac0eb5a64958b4aeb3840df01e4fa6d7b9ea7c3c4251e
              • Instruction Fuzzy Hash: 1B215175E01308BADF20ABF88C46F9DBBF9AB04744F50E0D1B30CB9192DA714A85DB11
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              C-Code - Quality: 98%
              			E737F2DD0(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
              				int _t55;
              				int _t56;
              				int _t58;
              				void* _t66;
              				intOrPtr _t81;
              				int _t101;
              				int _t106;
              				char _t113;
              				intOrPtr _t117;
              				int _t118;
              				char _t120;
              				void* _t122;
              				void* _t125;
              				void* _t131;
              				struct HMENU__* _t134;
              				void* _t141;
              				intOrPtr _t143;
              				intOrPtr _t150;
              				CHAR* _t176;
              				intOrPtr _t187;
              				long _t191;
              				void* _t192;
              				void* _t196;
              				intOrPtr _t197;
              				struct HWND__* _t198;
              				intOrPtr _t199;
              				struct HMENU__* _t200;
              				void* _t201;
              				void* _t202;
              
              				_t55 = _a8;
              				if(_t55 != 0x110) {
              					__eflags = _t55 - 0x113;
              					if(_t55 != 0x113) {
              						__eflags = _t55 - 0x111;
              						if(_t55 != 0x111) {
              							__eflags = _t55 - 0x7b;
              							if(_t55 != 0x7b) {
              								__eflags = _t55 - 0x138;
              								if(_t55 == 0x138) {
              									L62:
              									_t56 = GetDlgCtrlID(_a16);
              									__eflags = _t56 - 0x67;
              									if(_t56 != 0x67) {
              										__eflags =  *0x737fe537 - 1;
              										if( *0x737fe537 != 1) {
              											return 0;
              										}
              										_t58 = GetDlgCtrlID(_a16);
              										__eflags = _t58 - 0x65;
              										if(_t58 == 0x65) {
              											L69:
              											SetTextColor(_a12,  *0x737fe940);
              											__eflags =  *0x737fe93c - 0xffffffff;
              											if( *0x737fe93c != 0xffffffff) {
              												SetBkColor(_a12,  *0x737fe93c);
              												return CreateSolidBrush( *0x737fe93c);
              											}
              											SetBkMode(_a12, 1);
              											return GetStockObject(5);
              										}
              										__eflags = _t58 - 0x66;
              										if(_t58 == 0x66) {
              											goto L69;
              										}
              										__eflags = _t58 - 0x68;
              										if(_t58 == 0x68) {
              											goto L69;
              										}
              										__eflags = _t58 - 0x69;
              										if(_t58 != 0x69) {
              											__eflags = _t58 - 0x6a;
              											if(_t58 != 0x6a) {
              												__eflags = _t58 - 0x6f;
              												if(_t58 != 0x6f) {
              													SetTextColor(_a12,  *0x737fe940);
              													__eflags =  *0x737fe93c - 0xffffffff;
              													if( *0x737fe93c != 0xffffffff) {
              														SetBkColor(_a12,  *0x737fe938);
              														_t66 = CreateSolidBrush( *0x737fe938);
              													} else {
              														SetBkMode(_a12, 1);
              														_t66 = GetStockObject(5);
              													}
              													return _t66;
              												}
              												SetTextColor(_a12,  *0x737fe948);
              												__eflags =  *0x737fe94c - 0xffffffff;
              												if( *0x737fe94c != 0xffffffff) {
              													SetBkColor(_a12,  *0x737fe944);
              													return CreateSolidBrush( *0x737fe944);
              												}
              												SetBkMode(_a12, 1);
              												return GetStockObject(5);
              											}
              											SetTextColor(_a12,  *0x737fe950);
              											__eflags =  *0x737fe94c - 0xffffffff;
              											if( *0x737fe94c != 0xffffffff) {
              												SetBkColor(_a12,  *0x737fe94c);
              												return CreateSolidBrush( *0x737fe94c);
              											}
              											SetBkMode(_a12, 1);
              											return GetStockObject(5);
              										}
              										goto L69;
              									}
              									return SendMessageA(_a16, _a8, _a12, _a16);
              								}
              								__eflags = _t55 - 0x133;
              								if(_t55 == 0x133) {
              									goto L62;
              								}
              								__eflags = _t55 - 0x134;
              								if(_t55 == 0x134) {
              									goto L62;
              								}
              								__eflags = _t55 - 0x136;
              								if(_t55 == 0x136) {
              									__eflags =  *0x737fe537 - 1;
              									if( *0x737fe537 != 1) {
              										return 0;
              									}
              									return CreateSolidBrush( *0x737fe938);
              								}
              								__eflags = _t55 - 0x2b;
              								if(_t55 != 0x2b) {
              									__eflags = _t55 - 0x200;
              									if(_t55 != 0x200) {
              										__eflags = _t55 - 0x205;
              										if(_t55 != 0x205) {
              											__eflags = _t55 - 0x10;
              											if(_t55 != 0x10) {
              												return 0;
              											} else {
              												goto L100;
              											}
              										} else {
              											__eflags =  *0x737fd90c - 1;
              											if( *0x737fd90c == 1) {
              												ShowWindow(_a4, 6);
              											}
              											goto L105;
              										}
              									} else {
              										__eflags = _a12 - 1;
              										if(_a12 == 1) {
              											SendMessageA( *0x737fd8a6, 0x112, 0xf012, 0);
              										}
              										goto L105;
              									}
              								} else {
              									return E737F3C60(_a4, _a16);
              								}
              							} else {
              								__eflags = _a12 -  *0x737fd8be; // 0x20254
              								if(__eflags == 0) {
              									TrackPopupMenu( *0x737fd903, 0, _a16 & 0x0000ffff, _a16 >> 0x10, 0, _a4, 0);
              								}
              								goto L105;
              							}
              						} else {
              							_t101 = _a12;
              							__eflags = _t101 - 0x6e;
              							if(_t101 != 0x6e) {
              								__eflags = _t101 - 0x6d;
              								if(_t101 != 0x6d) {
              									__eflags = _t101 - 0x6c;
              									if(_t101 != 0x6c) {
              										__eflags = _t101 - 0xc9;
              										if(_t101 != 0xc9) {
              											__eflags = _t101 - 0xca;
              											if(_t101 == 0xca) {
              												__eflags =  *0x737fd902 - 1;
              												if( *0x737fd902 == 1) {
              													ShowWindow( *0x737fd8be, 0);
              													ShowWindow( *0x737fd8c2, 5);
              												}
              											}
              										} else {
              											E737F3D1A();
              										}
              									} else {
              										E737F62CD(_t192, _t196);
              									}
              								} else {
              									__eflags =  *0x737fd8aa;
              									if( *0x737fd8aa != 0) {
              										_t106 = DialogBoxParamA( *0x737fd8a2, 2,  *0x737fd8a6, E737F3690, 0);
              										__eflags = _t106 - 0xffffffff;
              										if(_t106 == 0xffffffff) {
              											MessageBoxA( *0x737fd8a6, E737F2A53( *0x737fd8aa, 8), "About", 0x40);
              										}
              									}
              								}
              							} else {
              								L100:
              								_t81 = E737F1460( *0x737fd8a2, 0x12, 1);
              								__eflags = _t81;
              								if(_t81 != 0) {
              									_t187 = _t81;
              									E737F1BB2(0x737ff15f);
              									__eflags =  *((intOrPtr*)(_t187 + 5));
              									if( *((intOrPtr*)(_t187 + 5)) != 0) {
              										E737F3B6F( *0x737fd8a6,  *((intOrPtr*)(_t187 + 5)),  *((intOrPtr*)(_t187 + 9)), 1);
              									}
              								}
              								E737F20BD();
              								DeleteFileA(0x737fe111);
              								E737F3AC2();
              								FreeLibrary( *0x73802239);
              								DeleteFileA(0x7380223d);
              								E737F61BC();
              								EndDialog( *0x737fd8a6, 0);
              							}
              							goto L105;
              						}
              					} else {
              						 *0x737fd90c = 1;
              						L105:
              						return 1;
              					}
              				} else {
              					_push(_a4);
              					_pop( *0x737fd8a6);
              					 *0x737fd8be = GetDlgItem( *0x737fd8a6, 0x6f);
              					 *0x737fd8c2 = GetDlgItem( *0x737fd8a6, 0x6a);
              					E737F2AD8( *0x737fd8be);
              					LoadStringA( *0x737fd8a2, 0xb, 0x7380463d, 0x400);
              					_t113 =  *0x7380463d;
              					_t197 =  *0x7380463E;
              					if(_t113 < 0x20 || _t113 > 0x7f || _t197 < 0x20 || _t197 > 0x7f) {
              						 *0x737fd90b = 1;
              					} else {
              						 *0x737fd90b = 0;
              					}
              					if( *0x737fd90b == 0) {
              						lstrcpyA("Courier New", "Courier New");
              						0x737fd8c6->lfHeight = 0xe;
              						 *0x737fd8d6 = 0x190;
              						SendMessageA( *0x737fd8be, 0x30, CreateFontIndirectA(0x737fd8c6), 1);
              					}
              					SendMessageA( *0x737fd8a6, 0x80, 1, LoadIconA(0, 0x1f4)); // executed
              					_t117 = E737F1460( *0x737fd8a2, 1, 1);
              					if(_t117 != 0) {
              						 *0x737fd8aa = _t117;
              						_t199 = _t117;
              						_t198 =  *0x737fd8a6; // 0x130062
              						SetWindowTextA(_t198, E737F2A53(_t199, 1)); // executed
              						SetDlgItemTextA(_t198, 0x65, E737F2A53(_t199, 2)); // executed
              						SetDlgItemTextA(_t198, 0x66, E737F2A53(_t199, 3)); // executed
              						_t176 = E737F2A53(_t199, 4);
              						 *0x737fd8b6 = _t176;
              						SetDlgItemTextA(_t198, 0x67, _t176); // executed
              						SetDlgItemTextA(_t198, 0x68, E737F2A53(_t199, 5)); // executed
              						SetDlgItemTextA(_t198, 0x6a, E737F2A53(_t199, 7)); // executed
              						SetDlgItemTextA(_t198, 0x69, E737F2A53(_t199, 6)); // executed
              					}
              					if(( *(_t199 + 1) & 0x00000002) == 0) {
              						_t118 = 1;
              					} else {
              						_t118 = 0;
              					}
              					CheckDlgButton( *0x737fd8a6, 0x6b, _t118);
              					_t120 = E737F2AFB(_a4, 0x6a, 0x6f);
              					 *0x737fd902 = _t120;
              					if(_t120 == 1) {
              						ShowWindow( *0x737fd8be, 0); // executed
              					}
              					_t122 = E737F1460( *0x737fd8a2, 2, 1);
              					if(_t122 != 0) {
              						_t202 = _t122;
              						if(E737F2A7D() != 0) {
              							E737F1FE3(_t202 + 1);
              						}
              					}
              					E737F5AFE();
              					_t125 = E737F1460( *0x737fd8a2, 0xa, 1);
              					if(_t125 != 0) {
              						_t201 = _t125;
              						 *0x737fe537 = 1;
              						 *0x737fe938 =  *((intOrPtr*)(_t201 + 1));
              						 *0x737fe93c =  *((intOrPtr*)(_t201 + 5));
              						 *0x737fe940 =  *((intOrPtr*)(_t201 + 9));
              						 *0x737fe944 =  *((intOrPtr*)(_t201 + 0xd));
              						 *0x737fe948 =  *((intOrPtr*)(_t201 + 0x11));
              						 *0x737fe94c =  *((intOrPtr*)(_t201 + 0x15));
              						 *0x737fe950 =  *((intOrPtr*)(_t201 + 0x19));
              						 *0x737fe954 =  *((intOrPtr*)(_t201 + 0x1d));
              						 *0x737fe958 =  *((intOrPtr*)(_t201 + 0x21));
              						if( *0x737fe954 != 0xffffffff &&  *0x737fe958 != 0xffffffff) {
              							E737F3C34( *0x737fd8a6, 0x6c);
              							E737F3C34( *0x737fd8a6, 0x6d);
              							E737F3C34( *0x737fd8a6, 0x6e);
              						}
              					}
              					 *0x737fd8ae = GetDlgItem( *0x737fd8a6, 0x67);
              					 *0x737fd8ba = SetWindowLongA( *0x737fd8ae, 0xfffffffc,  &M737F2B40);
              					if( *0x737fe94c == 0xffffffff) {
              						 *0x737fe52f = SetWindowLongA(GetDlgItem(_a4, 0x6a), 0xfffffffc, 0x737f2cf0);
              					}
              					if( *0x737fe944 == 0xffffffff) {
              						 *0x737fe533 = SetWindowLongA(GetDlgItem(_a4, 0x6f), 0xfffffffc, 0x737f2cf0);
              					}
              					 *0x737fd907 = E737F16E0( *0x737fd8a2, _a4, "BTN_PATCH_UP", "BTN_PATCH_DOWN", "BTN_PATCH_OVER", 0x6c);
              					E737F16E0( *0x737fd8a2, _a4, "BTN_ABOUT_UP", "BTN_ABOUT_DOWN", "BTN_ABOUT_OVER", 0x6d);
              					E737F16E0( *0x737fd8a2, _a4, "BTN_EXIT_UP", "BTN_EXIT_DOWN", "BTN_EXIT_OVER", 0x6e);
              					_t131 = E737F1460( *0x737fd8a2, 0xf, 1);
              					_t132 = _t131;
              					if(_t131 != 0) {
              						E737F2294(_t132);
              					}
              					E737F2AD8( *0x737fd8a6);
              					_t134 = CreatePopupMenu();
              					 *0x737fd903 = _t134;
              					_t200 = _t134;
              					LoadStringA( *0x737fd8a2, 0xe, 0x73804a3d, 0x400);
              					AppendMenuA(_t200, 0, 0xc9, 0x73804a3d);
              					LoadStringA( *0x737fd8a2, 0xf, 0x73804e3d, 0x400);
              					AppendMenuA(_t200, 0, 0xca, 0x73804e3d);
              					_t191 = LoadCursorA( *0x737fd8a2, 2);
              					if(_t191 != 0) {
              						SetClassLongA( *0x737fd8ae, 0xfffffff4, _t191);
              						SetClassLongA(GetDlgItem( *0x737fd8a6, 0x6c), 0xfffffff4, _t191);
              					}
              					 *0x737fd90c = 1;
              					_t141 = E737F1460( *0x737fd8a2, 0x12, 1);
              					if(_t141 == 0) {
              						_t143 = E737F1460( *0x737fd8a2, 0xb, 1);
              						__eflags = _t143;
              						if(_t143 != 0) {
              							E737F3AE0(_a4, _t143); // executed
              						}
              					} else {
              						_t150 =  *((intOrPtr*)(_t141 + 1));
              						if(_t150 != 0) {
              							SetTimer(_a4, 0, _t150 + 0x3e8, 0);
              							 *0x737fd90c = 0;
              						}
              						E737F2244(E737F3B43);
              					}
              					E737F6089(); // executed
              					E737F38CC();
              					SetFocus( *0x737fd8a6);
              					return 1;
              				}
              				goto L106;
              			}

































              APIs
              • GetDlgItem.USER32 ref: 737F2DFB
              • GetDlgItem.USER32 ref: 737F2E0D
                • Part of subcall function 737F2AD8: LoadCursorA.USER32 ref: 737F2AE3
                • Part of subcall function 737F2AD8: SetClassLongA.USER32(?,000000F4,00000000,00000001), ref: 737F2AF2
              • LoadStringA.USER32 ref: 737F2E34
              • lstrcpyA.KERNEL32(Courier New,Courier New,0000000B,7380463D,00000400,0000006F,?), ref: 737F2E78
              • CreateFontIndirectA.GDI32(737FD8C6), ref: 737F2E96
              • SendMessageA.USER32(00000030,00000000,00000001,737FD8C6), ref: 737F2EA6
              • LoadIconA.USER32 ref: 737F2EB2
              • SendMessageA.USER32(00000080,00000001,00000000,00000000), ref: 737F2EC5
              • SetWindowTextA.USER32(00130062,00000000), ref: 737F2EF8
              • SetDlgItemTextA.USER32 ref: 737F2F09
              • SetDlgItemTextA.USER32 ref: 737F2F1A
              • SetDlgItemTextA.USER32 ref: 737F2F30
              • SetDlgItemTextA.USER32 ref: 737F2F41
              • SetDlgItemTextA.USER32 ref: 737F2F52
              • SetDlgItemTextA.USER32 ref: 737F2F63
              • CheckDlgButton.USER32(0000006B,00000001,00000001), ref: 737F2F86
              • ShowWindow.USER32(00000000,00000000,00000000,000001F4,0000000B,7380463D,00000400,0000006F,?), ref: 737F2FA8
              • GetDlgItem.USER32 ref: 737F3089
              • SetWindowLongA.USER32 ref: 737F30A0
              • GetDlgItem.USER32 ref: 737F30B8
              • SetWindowLongA.USER32 ref: 737F30C5
              • GetDlgItem.USER32 ref: 737F30DD
              • SetWindowLongA.USER32 ref: 737F30EA
              • CreatePopupMenu.USER32(7380463D,00000400,0000006F,?), ref: 737F317A
              • LoadStringA.USER32 ref: 737F3198
              • AppendMenuA.USER32 ref: 737F31AA
              • LoadStringA.USER32 ref: 737F31C1
              • AppendMenuA.USER32 ref: 737F31D3
              • LoadCursorA.USER32 ref: 737F31E0
              • SetClassLongA.USER32(000000F4,00000000,00000002,00000000,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000,000000C9,73804A3D,0000000E,73804A3D), ref: 737F31F4
              • GetDlgItem.USER32 ref: 737F3201
              • SetClassLongA.USER32(00000000,000000F4,00000000,0000006C,000000F4,00000000,00000002,00000000,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000), ref: 737F320A
              • SetTimer.USER32(?,00000000,?,00000000), ref: 737F323D
              • SetFocus.USER32(00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000,000000C9,73804A3D,0000000E,73804A3D,00000400,7380463D,00000400,0000006F), ref: 737F3282
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Item$Text$LoadLong$Window$ClassMenuString$AppendCreateCursorMessageSend$ButtonCheckFocusFontIconIndirectPopupShowTimerlstrcpy
              • String ID: About$BTN_ABOUT_DOWN$BTN_ABOUT_OVER$BTN_ABOUT_UP$BTN_EXIT_DOWN$BTN_EXIT_OVER$BTN_EXIT_UP$BTN_PATCH_DOWN$BTN_PATCH_OVER$BTN_PATCH_UP$Courier New$Courier New
              • API String ID: 131015904-2692962312
              • Opcode ID: 1e9a1e79004e55afee00a8f625275e0574d021ca7a891283de8e5b3e54d8ea36
              • Instruction ID: 1b97774f98b7df8644716a9a78f7d6c650200f8d2fb1d0892e619159dc91cf25
              • Opcode Fuzzy Hash: 1e9a1e79004e55afee00a8f625275e0574d021ca7a891283de8e5b3e54d8ea36
              • Instruction Fuzzy Hash: 2E128332205307BFFB22BB65CE86F593B66FB00710F248611F5556B3E9C66B8453AA12
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              C-Code - Quality: 98%
              			E737F2DC9(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
              				int _t55;
              				int _t56;
              				long _t57;
              				int _t58;
              				intOrPtr _t73;
              				struct HBRUSH__* _t87;
              				int _t92;
              				int _t97;
              				char _t104;
              				intOrPtr _t108;
              				int _t109;
              				char _t111;
              				void* _t113;
              				void* _t116;
              				void* _t122;
              				struct HMENU__* _t125;
              				void* _t132;
              				intOrPtr _t134;
              				intOrPtr _t141;
              				CHAR* _t167;
              				intOrPtr _t182;
              				long _t188;
              				void* _t190;
              				void* _t194;
              				intOrPtr _t195;
              				struct HWND__* _t203;
              				intOrPtr _t204;
              				struct HMENU__* _t210;
              				void* _t212;
              				void* _t213;
              
              				_push(_t204);
              				_t55 = _a8;
              				if(_t55 != 0x110) {
              					__eflags = _t55 - 0x113;
              					if(_t55 != 0x113) {
              						__eflags = _t55 - 0x111;
              						if(_t55 != 0x111) {
              							__eflags = _t55 - 0x7b;
              							if(_t55 != 0x7b) {
              								__eflags = _t55 - 0x138;
              								if(_t55 == 0x138) {
              									L63:
              									_t56 = GetDlgCtrlID(_a16);
              									__eflags = _t56 - 0x67;
              									if(_t56 != 0x67) {
              										__eflags =  *0x737fe537 - 1;
              										if( *0x737fe537 != 1) {
              											_t57 = 0;
              										} else {
              											_t58 = GetDlgCtrlID(_a16);
              											__eflags = _t58 - 0x65;
              											if(_t58 == 0x65) {
              												L70:
              												SetTextColor(_a12,  *0x737fe940);
              												__eflags =  *0x737fe93c - 0xffffffff;
              												if( *0x737fe93c != 0xffffffff) {
              													SetBkColor(_a12,  *0x737fe93c);
              													_t57 = CreateSolidBrush( *0x737fe93c);
              												} else {
              													SetBkMode(_a12, 1);
              													_t57 = GetStockObject(5);
              												}
              											} else {
              												__eflags = _t58 - 0x66;
              												if(_t58 == 0x66) {
              													goto L70;
              												} else {
              													__eflags = _t58 - 0x68;
              													if(_t58 == 0x68) {
              														goto L70;
              													} else {
              														__eflags = _t58 - 0x69;
              														if(_t58 != 0x69) {
              															__eflags = _t58 - 0x6a;
              															if(_t58 != 0x6a) {
              																__eflags = _t58 - 0x6f;
              																if(_t58 != 0x6f) {
              																	SetTextColor(_a12,  *0x737fe940);
              																	__eflags =  *0x737fe93c - 0xffffffff;
              																	if( *0x737fe93c != 0xffffffff) {
              																		SetBkColor(_a12,  *0x737fe938);
              																		_t57 = CreateSolidBrush( *0x737fe938);
              																	} else {
              																		SetBkMode(_a12, 1);
              																		_t57 = GetStockObject(5);
              																	}
              																} else {
              																	SetTextColor(_a12,  *0x737fe948);
              																	__eflags =  *0x737fe94c - 0xffffffff;
              																	if( *0x737fe94c != 0xffffffff) {
              																		SetBkColor(_a12,  *0x737fe944);
              																		_t57 = CreateSolidBrush( *0x737fe944);
              																	} else {
              																		SetBkMode(_a12, 1);
              																		_t57 = GetStockObject(5);
              																	}
              																}
              															} else {
              																SetTextColor(_a12,  *0x737fe950);
              																__eflags =  *0x737fe94c - 0xffffffff;
              																if( *0x737fe94c != 0xffffffff) {
              																	SetBkColor(_a12,  *0x737fe94c);
              																	_t57 = CreateSolidBrush( *0x737fe94c);
              																} else {
              																	SetBkMode(_a12, 1);
              																	_t57 = GetStockObject(5);
              																}
              															}
              														} else {
              															goto L70;
              														}
              													}
              												}
              											}
              										}
              									} else {
              										_t57 = SendMessageA(_a16, _a8, _a12, _a16);
              									}
              									return _t57;
              								} else {
              									__eflags = _t55 - 0x133;
              									if(_t55 == 0x133) {
              										goto L63;
              									} else {
              										__eflags = _t55 - 0x134;
              										if(_t55 != 0x134) {
              											__eflags = _t55 - 0x136;
              											if(_t55 != 0x136) {
              												__eflags = _t55 - 0x2b;
              												if(_t55 != 0x2b) {
              													__eflags = _t55 - 0x200;
              													if(_t55 != 0x200) {
              														__eflags = _t55 - 0x205;
              														if(_t55 != 0x205) {
              															__eflags = _t55 - 0x10;
              															if(_t55 != 0x10) {
              																return 0;
              															} else {
              																goto L101;
              															}
              														} else {
              															__eflags =  *0x737fd90c - 1;
              															if( *0x737fd90c == 1) {
              																ShowWindow(_a4, 6);
              															}
              															goto L106;
              														}
              													} else {
              														__eflags = _a12 - 1;
              														if(_a12 == 1) {
              															SendMessageA( *0x737fd8a6, 0x112, 0xf012, 0);
              														}
              														goto L106;
              													}
              												} else {
              													return E737F3C60(_a4, _a16);
              												}
              											} else {
              												__eflags =  *0x737fe537 - 1;
              												if( *0x737fe537 != 1) {
              													_t87 = 0;
              												} else {
              													_t87 = CreateSolidBrush( *0x737fe938);
              												}
              												return _t87;
              											}
              										} else {
              											goto L63;
              										}
              									}
              								}
              							} else {
              								__eflags = _a12 -  *0x737fd8be; // 0x20254
              								if(__eflags == 0) {
              									TrackPopupMenu( *0x737fd903, 0, _a16 & 0x0000ffff, _a16 >> 0x10, 0, _a4, 0);
              								}
              								goto L106;
              							}
              						} else {
              							_t92 = _a12;
              							__eflags = _t92 - 0x6e;
              							if(_t92 != 0x6e) {
              								__eflags = _t92 - 0x6d;
              								if(_t92 != 0x6d) {
              									__eflags = _t92 - 0x6c;
              									if(_t92 != 0x6c) {
              										__eflags = _t92 - 0xc9;
              										if(_t92 != 0xc9) {
              											__eflags = _t92 - 0xca;
              											if(_t92 == 0xca) {
              												__eflags =  *0x737fd902 - 1;
              												if( *0x737fd902 == 1) {
              													ShowWindow( *0x737fd8be, 0);
              													ShowWindow( *0x737fd8c2, 5);
              												}
              											}
              										} else {
              											E737F3D1A();
              										}
              									} else {
              										E737F62CD(_t190, _t194);
              									}
              								} else {
              									__eflags =  *0x737fd8aa;
              									if( *0x737fd8aa != 0) {
              										_t97 = DialogBoxParamA( *0x737fd8a2, 2,  *0x737fd8a6, E737F3690, 0);
              										__eflags = _t97 - 0xffffffff;
              										if(_t97 == 0xffffffff) {
              											MessageBoxA( *0x737fd8a6, E737F2A53( *0x737fd8aa, 8), "About", 0x40);
              										}
              									}
              								}
              							} else {
              								L101:
              								_t73 = E737F1460( *0x737fd8a2, 0x12, 1);
              								__eflags = _t73;
              								if(_t73 != 0) {
              									_t182 = _t73;
              									E737F1BB2(0x737ff15f);
              									__eflags =  *((intOrPtr*)(_t182 + 5));
              									if( *((intOrPtr*)(_t182 + 5)) != 0) {
              										E737F3B6F( *0x737fd8a6,  *((intOrPtr*)(_t182 + 5)),  *((intOrPtr*)(_t182 + 9)), 1);
              									}
              								}
              								E737F20BD();
              								DeleteFileA(0x737fe111);
              								E737F3AC2();
              								FreeLibrary( *0x73802239);
              								DeleteFileA(0x7380223d);
              								E737F61BC();
              								EndDialog( *0x737fd8a6, 0);
              							}
              							goto L106;
              						}
              					} else {
              						 *0x737fd90c = 1;
              						L106:
              						return 1;
              					}
              				} else {
              					_push(_a4);
              					_pop( *0x737fd8a6);
              					 *0x737fd8be = GetDlgItem( *0x737fd8a6, 0x6f);
              					 *0x737fd8c2 = GetDlgItem( *0x737fd8a6, 0x6a);
              					E737F2AD8( *0x737fd8be);
              					LoadStringA( *0x737fd8a2, 0xb, 0x7380463d, 0x400);
              					_t104 =  *0x7380463d;
              					_t195 =  *0x7380463E;
              					if(_t104 < 0x20 || _t104 > 0x7f || _t195 < 0x20 || _t195 > 0x7f) {
              						 *0x737fd90b = 1;
              					} else {
              						 *0x737fd90b = 0;
              					}
              					if( *0x737fd90b == 0) {
              						lstrcpyA("Courier New", "Courier New");
              						0x737fd8c6->lfHeight = 0xe;
              						 *0x737fd8d6 = 0x190;
              						SendMessageA( *0x737fd8be, 0x30, CreateFontIndirectA(0x737fd8c6), 1);
              					}
              					SendMessageA( *0x737fd8a6, 0x80, 1, LoadIconA(0, 0x1f4)); // executed
              					_t108 = E737F1460( *0x737fd8a2, 1, 1);
              					if(_t108 != 0) {
              						 *0x737fd8aa = _t108;
              						_t204 = _t108;
              						_t203 =  *0x737fd8a6; // 0x130062
              						SetWindowTextA(_t203, E737F2A53(_t204, 1)); // executed
              						SetDlgItemTextA(_t203, 0x65, E737F2A53(_t204, 2)); // executed
              						SetDlgItemTextA(_t203, 0x66, E737F2A53(_t204, 3)); // executed
              						_t167 = E737F2A53(_t204, 4);
              						 *0x737fd8b6 = _t167;
              						SetDlgItemTextA(_t203, 0x67, _t167); // executed
              						SetDlgItemTextA(_t203, 0x68, E737F2A53(_t204, 5)); // executed
              						SetDlgItemTextA(_t203, 0x6a, E737F2A53(_t204, 7)); // executed
              						SetDlgItemTextA(_t203, 0x69, E737F2A53(_t204, 6)); // executed
              					}
              					if(( *(_t204 + 1) & 0x00000002) == 0) {
              						_t109 = 1;
              					} else {
              						_t109 = 0;
              					}
              					CheckDlgButton( *0x737fd8a6, 0x6b, _t109);
              					_t111 = E737F2AFB(_a4, 0x6a, 0x6f);
              					 *0x737fd902 = _t111;
              					if(_t111 == 1) {
              						ShowWindow( *0x737fd8be, 0); // executed
              					}
              					_t113 = E737F1460( *0x737fd8a2, 2, 1);
              					if(_t113 != 0) {
              						_t213 = _t113;
              						if(E737F2A7D() != 0) {
              							E737F1FE3(_t213 + 1);
              						}
              					}
              					E737F5AFE();
              					_t116 = E737F1460( *0x737fd8a2, 0xa, 1);
              					if(_t116 != 0) {
              						_t212 = _t116;
              						 *0x737fe537 = 1;
              						 *0x737fe938 =  *((intOrPtr*)(_t212 + 1));
              						 *0x737fe93c =  *((intOrPtr*)(_t212 + 5));
              						 *0x737fe940 =  *((intOrPtr*)(_t212 + 9));
              						 *0x737fe944 =  *((intOrPtr*)(_t212 + 0xd));
              						 *0x737fe948 =  *((intOrPtr*)(_t212 + 0x11));
              						 *0x737fe94c =  *((intOrPtr*)(_t212 + 0x15));
              						 *0x737fe950 =  *((intOrPtr*)(_t212 + 0x19));
              						 *0x737fe954 =  *((intOrPtr*)(_t212 + 0x1d));
              						 *0x737fe958 =  *((intOrPtr*)(_t212 + 0x21));
              						if( *0x737fe954 != 0xffffffff &&  *0x737fe958 != 0xffffffff) {
              							E737F3C34( *0x737fd8a6, 0x6c);
              							E737F3C34( *0x737fd8a6, 0x6d);
              							E737F3C34( *0x737fd8a6, 0x6e);
              						}
              					}
              					 *0x737fd8ae = GetDlgItem( *0x737fd8a6, 0x67);
              					 *0x737fd8ba = SetWindowLongA( *0x737fd8ae, 0xfffffffc,  &M737F2B40);
              					if( *0x737fe94c == 0xffffffff) {
              						 *0x737fe52f = SetWindowLongA(GetDlgItem(_a4, 0x6a), 0xfffffffc, 0x737f2cf0);
              					}
              					if( *0x737fe944 == 0xffffffff) {
              						 *0x737fe533 = SetWindowLongA(GetDlgItem(_a4, 0x6f), 0xfffffffc, 0x737f2cf0);
              					}
              					 *0x737fd907 = E737F16E0( *0x737fd8a2, _a4, "BTN_PATCH_UP", "BTN_PATCH_DOWN", "BTN_PATCH_OVER", 0x6c);
              					E737F16E0( *0x737fd8a2, _a4, "BTN_ABOUT_UP", "BTN_ABOUT_DOWN", "BTN_ABOUT_OVER", 0x6d);
              					E737F16E0( *0x737fd8a2, _a4, "BTN_EXIT_UP", "BTN_EXIT_DOWN", "BTN_EXIT_OVER", 0x6e);
              					_t122 = E737F1460( *0x737fd8a2, 0xf, 1);
              					_t123 = _t122;
              					if(_t122 != 0) {
              						E737F2294(_t123);
              					}
              					E737F2AD8( *0x737fd8a6);
              					_t125 = CreatePopupMenu();
              					 *0x737fd903 = _t125;
              					_t210 = _t125;
              					LoadStringA( *0x737fd8a2, 0xe, 0x73804a3d, 0x400);
              					AppendMenuA(_t210, 0, 0xc9, 0x73804a3d);
              					LoadStringA( *0x737fd8a2, 0xf, 0x73804e3d, 0x400);
              					AppendMenuA(_t210, 0, 0xca, 0x73804e3d);
              					_t188 = LoadCursorA( *0x737fd8a2, 2);
              					if(_t188 != 0) {
              						SetClassLongA( *0x737fd8ae, 0xfffffff4, _t188);
              						SetClassLongA(GetDlgItem( *0x737fd8a6, 0x6c), 0xfffffff4, _t188);
              					}
              					 *0x737fd90c = 1;
              					_t132 = E737F1460( *0x737fd8a2, 0x12, 1);
              					if(_t132 == 0) {
              						_t134 = E737F1460( *0x737fd8a2, 0xb, 1);
              						__eflags = _t134;
              						if(_t134 != 0) {
              							E737F3AE0(_a4, _t134); // executed
              						}
              					} else {
              						_t141 =  *((intOrPtr*)(_t132 + 1));
              						if(_t141 != 0) {
              							SetTimer(_a4, 0, _t141 + 0x3e8, 0);
              							 *0x737fd90c = 0;
              						}
              						E737F2244(E737F3B43);
              					}
              					E737F6089(); // executed
              					E737F38CC();
              					SetFocus( *0x737fd8a6);
              					return 1;
              				}
              			}

              APIs
              • GetDlgItem.USER32 ref: 737F2DFB
              • GetDlgItem.USER32 ref: 737F2E0D
                • Part of subcall function 737F2AD8: LoadCursorA.USER32 ref: 737F2AE3
                • Part of subcall function 737F2AD8: SetClassLongA.USER32(?,000000F4,00000000,00000001), ref: 737F2AF2
              • LoadStringA.USER32 ref: 737F2E34
              • lstrcpyA.KERNEL32(Courier New,Courier New,0000000B,7380463D,00000400,0000006F,?), ref: 737F2E78
              • CreateFontIndirectA.GDI32(737FD8C6), ref: 737F2E96
              • SendMessageA.USER32(00000030,00000000,00000001,737FD8C6), ref: 737F2EA6
              • LoadIconA.USER32 ref: 737F2EB2
              • SendMessageA.USER32(00000080,00000001,00000000,00000000), ref: 737F2EC5
              • SetWindowTextA.USER32(00130062,00000000), ref: 737F2EF8
              • SetDlgItemTextA.USER32 ref: 737F2F09
              • SetDlgItemTextA.USER32 ref: 737F2F1A
              • SetDlgItemTextA.USER32 ref: 737F2F30
              • SetDlgItemTextA.USER32 ref: 737F2F41
              • SetDlgItemTextA.USER32 ref: 737F2F52
              • SetDlgItemTextA.USER32 ref: 737F2F63
              • CheckDlgButton.USER32(0000006B,00000001,00000001), ref: 737F2F86
              • ShowWindow.USER32(00000000,00000000,00000000,000001F4,0000000B,7380463D,00000400,0000006F,?), ref: 737F2FA8
              • GetDlgItem.USER32 ref: 737F3089
              • SetWindowLongA.USER32 ref: 737F30A0
              • GetDlgItem.USER32 ref: 737F30B8
              • SetWindowLongA.USER32 ref: 737F30C5
              • GetDlgItem.USER32 ref: 737F30DD
              • SetWindowLongA.USER32 ref: 737F30EA
              • CreatePopupMenu.USER32(7380463D,00000400,0000006F,?), ref: 737F317A
              • LoadStringA.USER32 ref: 737F3198
              • AppendMenuA.USER32 ref: 737F31AA
              • LoadStringA.USER32 ref: 737F31C1
              • AppendMenuA.USER32 ref: 737F31D3
              • LoadCursorA.USER32 ref: 737F31E0
              • SetClassLongA.USER32(000000F4,00000000,00000002,00000000,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000,000000C9,73804A3D,0000000E,73804A3D), ref: 737F31F4
              • GetDlgItem.USER32 ref: 737F3201
              • SetClassLongA.USER32(00000000,000000F4,00000000,0000006C,000000F4,00000000,00000002,00000000,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000), ref: 737F320A
              • SetTimer.USER32(?,00000000,?,00000000), ref: 737F323D
              • SetFocus.USER32(00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000,000000C9,73804A3D,0000000E,73804A3D,00000400,7380463D,00000400,0000006F), ref: 737F3282
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Item$Text$LoadLong$Window$ClassMenuString$AppendCreateCursorMessageSend$ButtonCheckFocusFontIconIndirectPopupShowTimerlstrcpy
              • String ID: BTN_ABOUT_DOWN$BTN_ABOUT_OVER$BTN_ABOUT_UP$BTN_EXIT_DOWN$BTN_EXIT_OVER$BTN_EXIT_UP$BTN_PATCH_DOWN$BTN_PATCH_OVER$BTN_PATCH_UP$Courier New$Courier New
              • API String ID: 131015904-304106200
              • Opcode ID: 7d576bb1997b3cff159ca55f151cd1d53881dc75666106224138ebdff835794d
              • Instruction ID: 0a741bc7c90159709023421f6214a176a610dcae89ff235efd40c617bd3adeec
              • Opcode Fuzzy Hash: 7d576bb1997b3cff159ca55f151cd1d53881dc75666106224138ebdff835794d
              • Instruction Fuzzy Hash: F8B18333241307BFFB21BB65CE8AF593BA6FB00714F208610F5596B2E9D76A4413AB15
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              C-Code - Quality: 97%
              			E737F2B3E(struct HWND__* _a4, int _a8, struct HDC__* _a12, long _a16) {
              				struct tagRECT _v20;
              				struct tagPOINT _v28;
              				int _t21;
              				long _t22;
              				struct HWND__* _t27;
              				struct HWND__* _t28;
              				int _t35;
              				struct HWND__* _t37;
              				struct HWND__* _t41;
              				long _t45;
              				long _t52;
              
              				_t21 = _a8;
              				if(_t21 == 0x138) {
              					if( *0x737fd8b2 != 0) {
              						__eflags =  *0x737fe537 - 1;
              						if( *0x737fe537 != 1) {
              							_t45 = 0xff0000;
              						} else {
              							_t45 =  *0x737fe940;
              						}
              						SetTextColor(_a12, _t45);
              					} else {
              						if( *0x737fe537 != 1) {
              							_t52 = 0;
              						} else {
              							_t52 =  *0x737fe940;
              						}
              						SetTextColor(_a12, _t52);
              					}
              					SetBkMode(_a12, 1);
              					if( *0x737fe537 != 1) {
              						return CreateSolidBrush(GetSysColor(4));
              					} else {
              						if( *0x737fe93c == 0xffffffff) {
              							return GetStockObject(5);
              						}
              						return CreateSolidBrush( *0x737fe93c);
              					}
              				}
              				__eflags = _t21 - 0x200;
              				if(_t21 != 0x200) {
              					__eflags = _t21 - 0x202;
              					if(_t21 != 0x202) {
              						goto L28;
              					} else {
              						__eflags = _a4 -  *0x737fd8ae; // 0x7006c
              						if(__eflags != 0) {
              							goto L28;
              						} else {
              							ShellExecuteA(0, "open",  *0x737fd8b6, 0, 0, 3);
              							 *0x737fd8b2 = 0;
              							__eflags = 0;
              							return 0;
              						}
              					}
              				} else {
              					__eflags = _a4 -  *0x737fd8ae; // 0x7006c
              					if(__eflags != 0) {
              						L28:
              						_t22 = CallWindowProcA( *0x737fd8ba, _a4, _a8, _a12, _a16); // executed
              						return _t22;
              					} else {
              						_t27 = GetParent(_a4);
              						_t28 = GetActiveWindow();
              						__eflags = _t28 - _t27;
              						if(_t28 == _t27) {
              							GetCursorPos( &_v28);
              							GetWindowRect(_a4,  &_v20);
              							_push(_v28.y);
              							_t35 = PtInRect( &_v20, _v28);
              							__eflags = _t35;
              							if(_t35 == 0) {
              								_t37 = GetCapture();
              								__eflags = _t37;
              								if(_t37 != 0) {
              									ReleaseCapture();
              									 *0x737fd8b2 = 0;
              									InvalidateRect(_a4, 0, 0);
              								}
              							} else {
              								_t41 = GetCapture();
              								__eflags = _t41;
              								if(_t41 == 0) {
              									SetCapture(_a4);
              									 *0x737fd8b2 = 1;
              									InvalidateRect(_a4, 0, 0);
              								}
              							}
              						}
              						__eflags = 0;
              						return 0;
              					}
              				}
              				goto L29;
              			}















              APIs
              • SetTextColor.GDI32(?,?), ref: 737F2B77
              • SetTextColor.GDI32(?,00FF0000), ref: 737F2B97
              • SetBkMode.GDI32(?,00000001), ref: 737F2BA1
              • CreateSolidBrush.GDI32(?), ref: 737F2BBE
              • GetStockObject.GDI32(00000005), ref: 737F2BC7
              • GetSysColor.USER32(00000004), ref: 737F2BD0
              • CreateSolidBrush.GDI32(00000000), ref: 737F2BD6
              • GetParent.USER32(?), ref: 737F2C02
              • GetActiveWindow.USER32 ref: 737F2C09
              • GetCursorPos.USER32(?,?), ref: 737F2C16
              • GetWindowRect.USER32 ref: 737F2C22
              • PtInRect.USER32(?,?,?), ref: 737F2C31
              • GetCapture.USER32 ref: 737F2C3A
              • SetCapture.USER32(?,?,?,?,?), ref: 737F2C46
              • InvalidateRect.USER32(?,00000000,00000000,?,?,?,?,?), ref: 737F2C5C
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: ColorRect$BrushCaptureCreateSolidTextWindow$ActiveCursorInvalidateModeObjectParentStock
              • String ID: open
              • API String ID: 1204622265-2758837156
              • Opcode ID: 812e7c06f61af32696c94299cb54f5ed587ec936da9c55ad46420289519474ee
              • Instruction ID: fbd4b7a1703f229ca6fe4eea3124b184c10db7d5e60a7c468f92bd3beb5c85d1
              • Opcode Fuzzy Hash: 812e7c06f61af32696c94299cb54f5ed587ec936da9c55ad46420289519474ee
              • Instruction Fuzzy Hash: D541533664420BABEB12AF54CD85F993BBAFB00314F248911F505A72E0E776D493EB25
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              C-Code - Quality: 91%
              			E00E71037() {
              				struct HRSRC__* _v8;
              				void* _v12;
              				long _v16;
              				char _v1040;
              				struct HRSRC__* _t24;
              				struct HINSTANCE__* _t26;
              				struct HINSTANCE__* _t27;
              				intOrPtr* _t29;
              				void* _t40;
              				void* _t44;
              				struct HINSTANCE__* _t45;
              				void* _t46;
              
              				 *0xe73030 = GetModuleHandleA(0);
              				_v12 = 0;
              				_t24 = FindResourceA(0, 0xe73000, 0xa);
              				if(_t24 != 0) {
              					_v8 = _t24;
              					_v16 = SizeofResource(0, _v8);
              					_t44 = LoadResource(0, _v8);
              					if(_t44 != 0) {
              						_v12 = _t44;
              					}
              				}
              				if(_v12 != 0) {
              					_t40 = VirtualAlloc(0, _v16, 0x1000, 4); // executed
              					_t46 = _t40;
              					RtlMoveMemory(_t46, _v12, _v16);
              					_v12 = _t46;
              					E00E71000(_t40, _v12, _v16, 0xdeadbeef);
              				}
              				if(_v12 != 0) {
              					GetTempPathA(0x400,  &_v1040);
              					lstrcatA( &_v1040, 0xe73004);
              					E00E71184( &_v1040, _v12, _v16); // executed
              				}
              				_t26 = LoadLibraryA( &_v1040); // executed
              				_t27 = _t26;
              				if(_t27 == 0) {
              					return _t27;
              				} else {
              					_t45 = _t27;
              					_t29 = GetProcAddress(_t45, 0xe73015);
              					if(_t29 != 0) {
              						 *_t29();
              					}
              					FreeLibrary(_t45);
              					return DeleteFileA( &_v1040);
              				}
              			}
















              APIs
              • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,00E71030), ref: 00E71045
              • FindResourceA.KERNEL32(00000000,00E73000,0000000A), ref: 00E7105F
              • SizeofResource.KERNEL32(00000000,?,00000000,?,?,?,?,00E71030), ref: 00E71070
              • LoadResource.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,00E71030), ref: 00E7107D
              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,00000000,?,?,?,?,00E71030), ref: 00E7109B
              • RtlMoveMemory.KERNEL32(00000000,00000000,?,00000000,?,00001000,00000004,00000000,?,?,?,?,00E71030), ref: 00E710A9
              • GetTempPathA.KERNEL32(00000400,?,00000000,?,?,?,?,00E71030), ref: 00E710D3
              • lstrcatA.KERNEL32(?,00E73004,00000400,?,00000000,?,?,?,?,00E71030), ref: 00E710E4
              • LoadLibraryA.KERNEL32(?,00000000,?,?,?,?,00E71030), ref: 00E71102
              • GetProcAddress.KERNEL32(00000000,00E73015), ref: 00E71113
              • FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,?,00E71030), ref: 00E7111F
              • DeleteFileA.KERNEL32(?,00000000,?,00000000,?,?,?,?,00E71030), ref: 00E7112B
              Memory Dump Source
              • Source File: 00000001.00000002.462850559.0000000000E71000.00000020.00020000.sdmp, Offset: 00E70000, based on PE: true
              • Associated: 00000001.00000002.462825351.0000000000E70000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.462869955.0000000000E72000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.462883821.0000000000E74000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_e70000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Resource$LibraryLoad$AddressAllocDeleteFileFindFreeHandleMemoryModuleMovePathProcSizeofTempVirtuallstrcat
              • String ID:
              • API String ID: 528216020-0
              • Opcode ID: adb16ca4294f9f025f6212c3282c63587510d82680a06e726e46bfa751a6abf0
              • Instruction ID: 2c48c783a51e0d8c6e1381bf822e3efc56d326cb52ae4f6939d9c9212aa4ea46
              • Opcode Fuzzy Hash: adb16ca4294f9f025f6212c3282c63587510d82680a06e726e46bfa751a6abf0
              • Instruction Fuzzy Hash: 1D213075E01308BADF21ABF89C86F9DBBB9AB04744F50E0D1B308BA191DA714B85DB15
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              C-Code - Quality: 100%
              			E737F6089() {
              				char _v1028;
              				char _v3076;
              				char _v5124;
              				char _v5188;
              				struct HINSTANCE__* _t52;
              				intOrPtr* _t53;
              				int _t55;
              				void* _t56;
              				void* _t59;
              				char* _t60;
              				char* _t61;
              
              				GetTempPathA(0x400,  &_v3076);
              				GetCurrentDirectoryA(0x400,  &_v1028);
              				SetCurrentDirectoryA( &_v3076); // executed
              				_t59 = 0x7380263d;
              				_t56 = 0;
              				L5:
              				_t56 = _t56 + 1;
              				_t60 = E737F149B( *0x737fd8a2, _t56);
              				_t61 = _t60;
              				if(_t61 != 0) {
              					if( *_t61 == 0x18) {
              						_t5 = _t61 + 1; // 0x1
              						E737F2200(_t5,  &_v5188, 0x10);
              						lstrcpyA( &_v5124,  &_v3076);
              						lstrcatA( &_v5124, 0x737fd7eb);
              						lstrcatA( &_v5124,  &_v5188);
              						lstrcatA( &_v5124, ".dll");
              						if(E737F6D4C( &_v5124, E737F149B( *0x737fd8a2,  &_v5188),  *0x737fd880) != 0) {
              							_t52 = LoadLibraryA( &_v5124);
              							if(_t52 != 0) {
              								 *((intOrPtr*)(_t59 + 4)) = _t52;
              								_t17 = _t61 + 1; // 0x1
              								_t53 = _t17;
              								 *__edx =  *_t53;
              								 *_t19 =  *((intOrPtr*)(_t53 + 4));
              								 *_t21 =  *((intOrPtr*)(_t53 + 8));
              								 *_t23 =  *((intOrPtr*)(_t53 + 0xc));
              								_t59 = _t59 + 0x18;
              							}
              						}
              					}
              					goto L5;
              				}
              				_t55 = SetCurrentDirectoryA( &_v1028); // executed
              				return _t55;
              			}















              APIs
              • GetTempPathA.KERNEL32(00000400,?,00000000,?,00000000,?,737F3277,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000,000000C9), ref: 737F60A1
              • GetCurrentDirectoryA.KERNEL32(00000400,?,00000400,?,00000000,?,00000000,?,737F3277,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000), ref: 737F60B2
              • lstrcpyA.KERNEL32(?,?,00000001,?,00000010,00000001,?,00000400,?,00000400,?,00000000,?,00000000,?,737F3277), ref: 737F60FD
              • lstrcatA.KERNEL32(?,737FD7EB,?,?,00000001,?,00000010,00000001,?,00000400,?,00000400,?,00000000,?,00000000), ref: 737F610E
              • lstrcatA.KERNEL32(?,?,?,737FD7EB,?,?,00000001,?,00000010,00000001,?,00000400,?,00000400,?,00000000), ref: 737F6121
              • lstrcatA.KERNEL32(?,.dll,?,?,?,737FD7EB,?,?,00000001,?,00000010,00000001,?,00000400,?,00000400), ref: 737F6132
              • LoadLibraryA.KERNEL32(?,?,00000000,?,?,.dll,?,?,?,737FD7EB,?,?,00000001,?,00000010,00000001), ref: 737F6169
              • SetCurrentDirectoryA.KERNEL32(?,00000400,?,00000400,?,00000000,?,00000000,?,737F3277,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400), ref: 737F60BE
                • Part of subcall function 737F149B: FindResourceA.KERNEL32(?,737F1479,0000000A), ref: 737F14B1
              • SetCurrentDirectoryA.KERNEL32(?,00000002,?,?,?,?,?,00000000,?,?,.dll,?,?,?,737FD7EB,?), ref: 737F61B2
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CurrentDirectorylstrcat$FindLibraryLoadPathResourceTemplstrcpy
              • String ID: .dll
              • API String ID: 4090242041-2738580789
              • Opcode ID: 71f960285c701b6239fa650c37ea89c4edb15aa5dd2daff56924231a547b4a0e
              • Instruction ID: cc706680c5b2b8c8fb46a4b95bd30d5429eda25e476905bcec814ed06e620844
              • Opcode Fuzzy Hash: 71f960285c701b6239fa650c37ea89c4edb15aa5dd2daff56924231a547b4a0e
              • Instruction Fuzzy Hash: 7A31527680021AAFDB11DBA1CD88FEAB7BDFB08354F188596E30597160E730DA56DF60
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              C-Code - Quality: 100%
              			E737F424C(long __ecx, void* __edx) {
              				CHAR* _t5;
              				int _t10;
              				long _t15;
              				void* _t16;
              
              				_t16 = __edx;
              				_t15 = __ecx;
              				 *0x737fe95c = E737F7040(0x737fe95f, "silent", 0);
              				 *0x737fe95d = E737F7040(0x737fe95f, "backup", 0);
              				 *0x737fe95e = E737F7040(0x737fe95f, "overwrite", 0);
              				if(E737F7040(0x737fe95f, "startupworkdir", 0x737fd911) != 1) {
              					_t5 = 0;
              				} else {
              					ExpandEnvironmentStringsA(0x737fd911, 0x737fe95f, 0x400);
              					_t5 = 0x737fe95f;
              				}
              				E737F70B0(_t5);
              				if(E737F7040(0x737fe95f, "setvar", 0x737fd911) == 1) {
              					ExpandEnvironmentStringsA(0x737fd911, 0x737fed5f, 0x400);
              					SetEnvironmentVariableA("dup2_cmd_var", 0x737fed5f);
              				}
              				if( *0x737fe95c != 0) {
              					E737F5AFE();
              					E737F6089();
              					_t10 = E737F62CD(_t15, _t16);
              				} else {
              					_t10 = DialogBoxParamA( *0x737fd8a2, 1, 0, E737F2DD0, 0); // executed
              				}
              				return _t10;
              			}








              APIs
                • Part of subcall function 737F7040: lstrlenA.KERNEL32(?), ref: 737F7052
                • Part of subcall function 737F7040: CompareStringA.KERNEL32(00000000,00000001,?,00000000,?,00000000,?), ref: 737F706C
              • ExpandEnvironmentStringsA.KERNEL32(737FD911,737FE95F,00000400,737FD668, /help : show help menu,737FD413,00000000,AttachConsole,kernel32.dll,73802199,?,?,?,737F210E), ref: 737F42BC
              • ExpandEnvironmentStringsA.KERNEL32(737FD911,737FED5F,00000400,737FD668, /help : show help menu,737FD413,00000000,AttachConsole,kernel32.dll,73802199,?,?,?,737F210E), ref: 737F42F0
              • SetEnvironmentVariableA.KERNEL32(dup2_cmd_var,737FED5F,737FD911,737FED5F,00000400,737FD668, /help : show help menu,737FD413,00000000,AttachConsole,kernel32.dll,73802199,?,?,?,737F210E), ref: 737F42FF
              • DialogBoxParamA.USER32 ref: 737F431E
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Environment$ExpandStrings$CompareDialogParamStringVariablelstrlen
              • String ID: backup$dup2_cmd_var$overwrite$setvar$silent$startupworkdir
              • API String ID: 3077006360-2026149501
              • Opcode ID: 10cc1136bd9c567e2faece5eb04014b9de90c9564deb6a1b15d5bccd4390602e
              • Instruction ID: b449f082dc92763b7ca9498352d7622a9b0e966d82ff81b78d273ad749958e8b
              • Opcode Fuzzy Hash: 10cc1136bd9c567e2faece5eb04014b9de90c9564deb6a1b15d5bccd4390602e
              • Instruction Fuzzy Hash: 1601D42334A3A73FF62276651D8AF491715BF011A0F244251BAE43F78F8B4952431A6F
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 532 e71184-e711a7 CreateFileA 533 e711af-e711da WriteFile FlushFileBuffers CloseHandle 532->533 534 e711a9-e711ac 532->534
              C-Code - Quality: 100%
              			E00E71184(CHAR* _a4, void* _a8, long _a12) {
              				void* _v8;
              				long _v12;
              				void* _t10;
              
              				_t10 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0); // executed
              				if(_t10 != 0xffffffff) {
              					_v8 = _t10;
              					WriteFile(_v8, _a8, _a12,  &_v12, 0); // executed
              					FlushFileBuffers(_v8);
              					CloseHandle(_v8); // executed
              					return _v12;
              				} else {
              					return 0;
              				}
              			}







              APIs
              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00E7119F
              • WriteFile.KERNEL32(?,?,?,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00E711C1
              • FlushFileBuffers.KERNEL32(?,?,?,?,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00E711C9
              • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00E711D1
              Memory Dump Source
              • Source File: 00000001.00000002.462850559.0000000000E71000.00000020.00020000.sdmp, Offset: 00E70000, based on PE: true
              • Associated: 00000001.00000002.462825351.0000000000E70000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.462869955.0000000000E72000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.462883821.0000000000E74000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_e70000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: File$BuffersCloseCreateFlushHandleWrite
              • String ID:
              • API String ID: 4137531733-0
              • Opcode ID: 9e4eea78fea8035dff0c9a245fbff7687304ebd2cbbbc0792616a57573c032c8
              • Instruction ID: 8b4f3ecce53312f3376449cf0c42468f4ab620470f564e407f4b185c239dc3ca
              • Opcode Fuzzy Hash: 9e4eea78fea8035dff0c9a245fbff7687304ebd2cbbbc0792616a57573c032c8
              • Instruction Fuzzy Hash: A3F01231A41209FADF11DBA4DC03F9D7BA5AB10714F608291B714B90E1DB719B10A748
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 535 737f6d14-737f6d47 GetStdHandle call 737f6db0 WriteFile
              C-Code - Quality: 100%
              			E737F6D14(void* _a4) {
              				void* _v8;
              				long _v12;
              				long _v16;
              
              				_v8 = GetStdHandle(0xfffffff5);
              				_v16 = E737F6DB0(_a4);
              				WriteFile(_v8, _a4, _v16,  &_v12, 0); // executed
              				return _v12;
              			}







              APIs
              • GetStdHandle.KERNEL32(000000F5), ref: 737F6D1C
              • WriteFile.KERNEL32(?,?,?,?,00000000,?,000000F5), ref: 737F6D3E
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: FileHandleWrite
              • String ID:
              • API String ID: 3320372497-0
              • Opcode ID: d844ca47285880180042dfa4e4d52d8a159a6f81d82256ef4095a53a5612f731
              • Instruction ID: 653eea19483a6179ec8e366370aeb812120c9d35e6afc3dcfc0a061e220fdfb1
              • Opcode Fuzzy Hash: d844ca47285880180042dfa4e4d52d8a159a6f81d82256ef4095a53a5612f731
              • Instruction Fuzzy Hash: FFE0B67181020EBBEF019F94CD45EDDBBB9EF04214F1082A1AA20A62A0DB319B529F91
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              • lstrcpyA.KERNEL32(?,?,00000001,?,00000010,00000001,?,00000400,?,00000400,?,00000000,?,00000000,?,737F3277), ref: 737F60FD
              • lstrcatA.KERNEL32(?,737FD7EB,?,?,00000001,?,00000010,00000001,?,00000400,?,00000400,?,00000000,?,00000000), ref: 737F610E
              • lstrcatA.KERNEL32(?,?,?,737FD7EB,?,?,00000001,?,00000010,00000001,?,00000400,?,00000400,?,00000000), ref: 737F6121
              • lstrcatA.KERNEL32(?,.dll,?,?,?,737FD7EB,?,?,00000001,?,00000010,00000001,?,00000400,?,00000400), ref: 737F6132
              • LoadLibraryA.KERNEL32(?,?,00000000,?,?,.dll,?,?,?,737FD7EB,?,?,00000001,?,00000010,00000001), ref: 737F6169
              • SetCurrentDirectoryA.KERNEL32(?,00000002,?,?,?,?,?,00000000,?,?,.dll,?,?,?,737FD7EB,?), ref: 737F61B2
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: lstrcat$CurrentDirectoryLibraryLoadlstrcpy
              • String ID:
              • API String ID: 4016003455-0
              • Opcode ID: 0fdb54018df8c61cbcbeb0529b635f0d58d38805439b09ef322efc249f09163e
              • Instruction ID: 8b5ffe1da4b1216d8e0bc084244f59cd5cd7a7f436758f2037246c88bf622135
              • Opcode Fuzzy Hash: 0fdb54018df8c61cbcbeb0529b635f0d58d38805439b09ef322efc249f09163e
              • Instruction Fuzzy Hash: ADB09B7790013506DF2252546944F88536CB780268F14C152C741E32445560C5475650
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 554 737f2be0 555 737f2ccb-737f2ce4 CallWindowProcA 554->555
              APIs
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CallProcWindow
              • String ID:
              • API String ID: 2714655100-0
              • Opcode ID: 74ac63770d814e60e2971b664a2bd620f7ce3c808657e04a23bbd4878ab08afb
              • Instruction ID: 638fc338c1a077e74bb5da5659f8a67be485b0abe936fba7070b222d205a1f5e
              • Opcode Fuzzy Hash: 74ac63770d814e60e2971b664a2bd620f7ce3c808657e04a23bbd4878ab08afb
              • Instruction Fuzzy Hash: 5AC0023700014EBBDF039F84DE50A893FA2FB58354B108805FA5515174C277C572FB15
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 556 737f2c8e-737f2ce4 CallWindowProcA
              APIs
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CallProcWindow
              • String ID:
              • API String ID: 2714655100-0
              • Opcode ID: 8342f1d99c17436265265c77f9ff495982ecde6fa2793b5e8d6addbcfe694b20
              • Instruction ID: 638fc338c1a077e74bb5da5659f8a67be485b0abe936fba7070b222d205a1f5e
              • Opcode Fuzzy Hash: 8342f1d99c17436265265c77f9ff495982ecde6fa2793b5e8d6addbcfe694b20
              • Instruction Fuzzy Hash: 5AC0023700014EBBDF039F84DE50A893FA2FB58354B108805FA5515174C277C572FB15
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              C-Code - Quality: 47%
              			E737F4616(intOrPtr* _a4) {
              				signed int _v8;
              				struct _SECURITY_ATTRIBUTES* _v12;
              				struct _SYSTEM_INFO _v48;
              				void* _v52;
              				void* _v56;
              				void* _v60;
              				long _v64;
              				long _v68;
              				long _v72;
              				long _v76;
              				long _v80;
              				intOrPtr _v88;
              				intOrPtr _v92;
              				intOrPtr _v96;
              				void* _t65;
              				void* _t70;
              				void* _t75;
              				signed int _t82;
              				intOrPtr _t85;
              				intOrPtr _t86;
              				signed int _t88;
              				signed int _t93;
              				void* _t95;
              				intOrPtr* _t99;
              				signed int* _t100;
              
              				_v8 = 0;
              				GetSystemInfo( &_v48);
              				_t85 = _v48.dwAllocationGranularity;
              				_v88 = _t85;
              				_t86 = _t85 + _t85;
              				_v92 = _t86;
              				_v96 = _t86 + _v48.dwAllocationGranularity;
              				_t99 = _a4;
              				_t65 = CreateFileA(0x737fd911, 0xc0000000, 2, 0, 3, 0x82, 0);
              				if(_t65 != 0xffffffff) {
              					_v52 = _t65;
              					_v64 = GetFileSize(_v52,  &_v68);
              					_t70 = CreateFileMappingA(_v52, 0, 4, 0, 0, 0);
              					if(_t70 != 0) {
              						_v56 = _t70;
              						E737F22C0("trying large file patchmode");
              						do {
              							_v72 = 0;
              							_v76 = 0;
              							_t100 =  *((intOrPtr*)(_t99 + 0x16)) + _t99;
              							_push(_v96);
              							_pop( *_t20);
              							_v12 = 0;
              							while(1) {
              								_t75 = MapViewOfFile(_v56, 2, _v76, _v72, _v80);
              								if(_t75 == 0) {
              									break;
              								}
              								_v60 = _t75;
              								_t88 =  *_t100;
              								_t93 = _t100[1];
              								if(_t93 != 0xffffffff) {
              									_t93 = _t93 - _v12;
              								}
              								_push(_t93);
              								if(_v80 == 0) {
              									_t95 = _v64 - _v72;
              								} else {
              									_t95 = _v92 + _t88 - 1;
              								}
              								_push(_t95);
              								_push(_t88);
              								_push(_t100 + 8 + _t88 * 2 + _t88);
              								_push(_t100 + 8 + _t88 * 2);
              								_push( &(_t100[2]) + _t88);
              								_push( &(_t100[2]));
              								_push(_v60);
              								_t82 = E737F6740();
              								_v12 = _v12 + _t82;
              								_v8 = _v8 | _t82;
              								UnmapViewOfFile(_v60);
              								if(_v80 != 0) {
              									_v72 = _v72 + _v92;
              									asm("adc [ebp-0x48], edx");
              									if(_v76 == _v68 && _v72 + _v80 >= _v64) {
              										_v80 = 0;
              									}
              									continue;
              								} else {
              									goto L11;
              								}
              								goto L18;
              							}
              							break;
              							L11:
              							_t99 = _t100 + 8 +  *_t100 * 4;
              						} while ( *_t99 != 0);
              						L18:
              						CloseHandle(_v56);
              					}
              					CloseHandle(_v52);
              				}
              				return _v8;
              			}


              APIs
              • GetSystemInfo.KERNEL32(?,00000001,?,?), ref: 737F462A
              • CreateFileA.KERNEL32(737FD911,C0000000,00000002,00000000,00000003,00000082,00000000,?,00000001,?,?), ref: 737F465A
              • GetFileSize.KERNEL32(?,?,737FD911,C0000000,00000002,00000000,00000003,00000082,00000000,?,00000001,?,?), ref: 737F4672
              • CreateFileMappingA.KERNEL32 ref: 737F4687
              • CloseHandle.KERNEL32(?,?,00000000,00000004,00000000,00000000,00000000,?,?,737FD911,C0000000,00000002,00000000,00000003,00000082,00000000), ref: 737F4780
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • MapViewOfFile.KERNEL32(?,00000002,?,?,?,?,?,00000000,00000004,00000000,00000000,00000000,?,?,737FD911,C0000000), ref: 737F46D0
              • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000002,?,?,?,?,?), ref: 737F4728
              • CloseHandle.KERNEL32(?,?,00000002,?,?,?,?,?,00000000,00000004,00000000,00000000,00000000,?,?,737FD911), ref: 737F4778
              Strings
              • trying large file patchmode, xrefs: 737F4697
              Similarity
              • API ID: File$MessageSend$CloseCreateHandleView$InfoMappingSizeSystemUnmap
              • String ID: trying large file patchmode
              • API String ID: 3390188210-199533899
              • Opcode ID: 57292c5222bd15be4bb17c4e058e65a3e469bed5f58043a065835700d1589cb7
              • Instruction ID: b372732b82fab83d12449c03193f0da9bbc39ff392c986886541a0ca9f20e89a
              • Opcode Fuzzy Hash: 57292c5222bd15be4bb17c4e058e65a3e469bed5f58043a065835700d1589cb7
              • Instruction Fuzzy Hash: 9B41F275E00219AFEB21CF94CD85FDDBBB6BF44314F208229E512A7294D770A956CB50
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 90%
              			E737F71E0(CHAR* _a4) {
              				signed char _v5;
              				int _t6;
              				void* _t9;
              				void* _t12;
              				int _t17;
              				void* _t19;
              				void* _t20;
              				CHAR* _t22;
              
              				asm("pushad");
              				_v5 = 0;
              				_t22 = _a4;
              				if(_t22 == 0) {
              					L8:
              					asm("popad");
              					return _v5 & 0x000000ff;
              				}
              				_t6 = lstrlenA(_t22);
              				if(_t6 == 0) {
              					goto L8;
              				}
              				_t17 = _t6;
              				if(OpenClipboard(0) != 1) {
              					goto L8;
              				}
              				_t9 = GlobalAlloc(0x2042, _t17 + 2);
              				if(_t9 != 0) {
              					_t19 = _t9;
              					_t12 = GlobalLock(_t19);
              					if(_t12 != 0) {
              						_t20 = _t12;
              						lstrcpyA(_t20, _t22);
              						if(EmptyClipboard() == 1) {
              							GlobalUnlock(_t20);
              							SetClipboardData(1, _t19);
              						}
              					}
              				}
              				CloseClipboard();
              				goto L8;
              			}


              APIs
              • lstrlenA.KERNEL32(?), ref: 737F71F3
              • OpenClipboard.USER32(00000000), ref: 737F7200
              • GlobalAlloc.KERNEL32(00002042,00000000,?), ref: 737F7213
              • GlobalLock.KERNEL32 ref: 737F721F
              • lstrcpyA.KERNEL32(00000000,?,00000000,00002042,00000000,?), ref: 737F722C
              • EmptyClipboard.USER32(00000000,?,00000000,00002042,00000000,?), ref: 737F7231
              • GlobalUnlock.KERNEL32(00000000,00000000,?,00000000,00002042,00000000,?), ref: 737F723C
              • SetClipboardData.USER32 ref: 737F7244
              • CloseClipboard.USER32(00002042,00000000,?), ref: 737F7249
              Similarity
              • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlocklstrcpylstrlen
              • String ID:
              • API String ID: 3593921032-0
              • Opcode ID: f65672604a2f745d15c385fb6336e8c6269afb21dd57a671da69c886c963b2d9
              • Instruction ID: 6fbc019d52efac9ce510337825ebcd0822c162abcc6aea73920d9eb9cbc15303
              • Opcode Fuzzy Hash: f65672604a2f745d15c385fb6336e8c6269afb21dd57a671da69c886c963b2d9
              • Instruction Fuzzy Hash: D7F0966092835727F68216B11E4EB3E257C7B02694F146050F942DF3C2DD95C90349B2
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F6CE0(CHAR* _a4) {
              				struct _WIN32_FIND_DATAA _v322;
              				void* _t5;
              
              				_t5 = FindFirstFileA(_a4,  &_v322);
              				if(_t5 != 0xffffffff) {
              					FindClose(_t5);
              					return _v322.nFileSizeLow;
              				}
              				return 0xffffffff;
              			}


              APIs
              • FindFirstFileA.KERNEL32(?,?), ref: 737F6CF3
              • FindClose.KERNEL32(00000000,?,?), ref: 737F6D05
              Similarity
              • API ID: Find$CloseFileFirst
              • String ID:
              • API String ID: 2295610775-0
              • Opcode ID: 979f0add1b60af9980b8b1f71a2e6074693626d1f880305a576188f58626c3e1
              • Instruction ID: 328aab49f5f44562aa6f9b3af54ae2ed478a800b27a5dc6a54bf286a6fae9946
              • Opcode Fuzzy Hash: 979f0add1b60af9980b8b1f71a2e6074693626d1f880305a576188f58626c3e1
              • Instruction Fuzzy Hash: E2D05E7040020A97DE21A6789C45FCD72AC7F00234F104351B634E73D0DB30DA928A55
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 558 737f5b9c-737f5bb9 559 737f5bbb call 737f40cf 558->559 560 737f5bc0-737f5bf6 ExpandEnvironmentStringsA * 2 558->560 559->560 562 737f5c16-737f5c19 560->562 563 737f5c1b-737f5c25 562->563 564 737f5bf8-737f5bfb 562->564 566 737f5c27-737f5c49 GetModuleFileNameA call 737f226a 563->566 567 737f5c76-737f5ca0 LoadStringA call 737f22c0 * 2 563->567 564->562 565 737f5bfd-737f5c14 call 737f6ea0 lstrcpyA 564->565 565->563 575 737f5c5c-737f5c71 lstrcatA lstrcpyA 566->575 576 737f5c4b-737f5c57 lstrcatA 566->576 578 737f5cab-737f5cb2 567->578 579 737f5ca2-737f5ca9 567->579 575->567 576->575 581 737f5cee 578->581 582 737f5cb4-737f5cec lstrcpyA call 737f226a call 737f6ea0 call 737f7100 578->582 579->578 580 737f5cf8-737f5d05 GetFileAttributesA 579->580 584 737f5d0b-737f5d12 580->584 585 737f5dc3-737f5dc7 580->585 583 737f5cf0-737f5cf2 581->583 582->583 583->580 587 737f602e-737f6032 583->587 588 737f5d16-737f5d1d 584->588 589 737f5d14 584->589 590 737f5dc9-737f5dcd 585->590 591 737f5df4-737f5e06 call 737f6d4c 585->591 598 737f603c-737f6078 SetEnvironmentVariableA lstrcpyA call 737f226a SetEnvironmentVariableA 587->598 599 737f6034-737f6037 call 737f2368 587->599 595 737f5d1f-737f5d49 LoadStringA MessageBoxA 588->595 596 737f5d4b-737f5d52 588->596 593 737f5d65-737f5d9b call 737f2313 SetFileAttributesA LoadStringA call 737f22c0 589->593 590->591 594 737f5dcf-737f5def lstrcpyA call 737f226a call 737f7170 590->594 612 737f5e3d-737f5e42 591->612 613 737f5e08-737f5e11 GetFileAttributesA 591->613 593->585 594->591 602 737f5d60-737f5d63 595->602 603 737f5d5b 596->603 604 737f5d54-737f5d59 596->604 624 737f607f-737f6086 598->624 625 737f607a call 737f40fa 598->625 599->598 602->593 611 737f5d9d-737f5dbe LoadStringA call 737f22c0 602->611 603->602 604->602 611->587 618 737f5e44-737f5e4e SetFileAttributesA 612->618 619 737f5e71-737f5e78 612->619 613->587 621 737f5e17-737f5e38 LoadStringA call 737f22c0 613->621 618->619 628 737f5e50-737f5e6c LoadStringA 
call 737f22c0 618->628 629 737f5e7e-737f5ea3 LoadStringA call 737f22c0 619->629 630 737f6006-737f6027 LoadStringA call 737f22c0 619->630 621->587 625->624 628->619 639 737f5eca-737f5ed0 629->639 640 737f5ea5-737f5ec5 lstrcpyA call 737f226a SetCurrentDirectoryA 629->640 630->587 642 737f5ed6-737f5ee8 ExpandEnvironmentStringsA 639->642 643 737f5ed2-737f5ed4 639->643 640->639 645 737f5eee-737f5ef5 642->645 643->645 646 737f5efb-737f5f2c RtlZeroMemory * 2 lstrcpyA 645->646 647 737f5fc4-737f5fd1 ShellExecuteA 645->647 649 737f5f2e-737f5f5e GetCurrentDirectoryA lstrcatA * 2 646->649 650 737f5f63-737f5fc2 lstrcatA * 3 CreateProcessA WaitForSingleObject 646->650 648 737f5fd6-737f5fdd 647->648 648->630 651 737f5fdf-737f6001 LoadStringA call 737f22c0 DeleteFileA 648->651 649->650 650->648 651->630
              C-Code - Quality: 93%
              			E737F5B9C(intOrPtr _a4) {
              				struct _SECURITY_ATTRIBUTES* _v8;
              				char _v9;
              				char _v1033;
              				char _v2057;
              				char _v3081;
              				struct _STARTUPINFOA _v3152;
              				struct _PROCESS_INFORMATION _v3168;
              				long _t79;
              				signed int _t83;
              				long _t100;
              				int _t139;
              				int _t151;
              				char _t178;
              				CHAR* _t179;
              				CHAR* _t180;
              				intOrPtr _t183;
              				void* _t185;
              
              				_v8 = 0;
              				_t183 = _a4;
              				if(( *(_t183 + 0xd) & 0x00000020) != 0) {
              					E737F40CF();
              				}
              				ExpandEnvironmentStringsA(_t183 + 0x421,  &_v1033, 0x400);
              				_t79 = ExpandEnvironmentStringsA( &_v1033, 0x737fd911, 0x400);
              				_push(_t183);
              				_t178 = 0;
              				while( *0x737fd911 != 0) {
              					asm("lodsb");
              					__eflags = _t79 - 0x25;
              					if(__eflags != 0) {
              						continue;
              					} else {
              						lstrcpyA(0x737fd911, E737F6EA0(0x737fd911));
              						_t178 = 1;
              						break;
              					}
              				}
              				_pop(_t185);
              				_t188 =  *0x737FD912 - 0x3a;
              				if( *0x737FD912 != 0x3a) {
              					GetModuleFileNameA(0,  &_v1033, 0x400);
              					E737F226A(_t188,  &_v1033);
              					if( *0x737fd911 != 0x5c) {
              						lstrcatA( &_v1033, 0x737fd7a9);
              					}
              					lstrcatA( &_v1033, 0x737fd911);
              					lstrcpyA(0x737fd911,  &_v1033);
              				}
              				LoadStringA( *0x737fd8a2, 5, 0x7380e645, 0x400);
              				E737F22C0(0x7380e645);
              				E737F22C0(0x737fd911);
              				if(_t178 == 1 || ( *(_t185 + 0xd) & 0x00000001) != 0) {
              					_t192 =  *0x737fe95c;
              					if( *0x737fe95c != 0) {
              						_t83 = 0;
              						__eflags = 0;
              					} else {
              						lstrcpyA( &_v1033, 0x737fd911);
              						E737F226A(_t192,  &_v1033);
              						_t83 = E737F7100(0x737fd911, "All Files",  &_v1033,  *0x737fd8a6, E737F6EA0(0x737fd911));
              					}
              					if(_t83 == 0) {
              						goto L50;
              					} else {
              						goto L16;
              					}
              				} else {
              					L16:
              					_v9 = 0;
              					if(GetFileAttributesA(0x737fd911) == 0xffffffff) {
              						L27:
              						if( *((char*)(0x737fd912)) == 0x3a) {
              							_t197 =  *0x737FD913 - 0x5c;
              							if( *0x737FD913 == 0x5c) {
              								lstrcpyA( &_v1033, 0x737fd911);
              								E737F226A(_t197,  &_v1033);
              								E737F7170( &_v1033);
              							}
              						}
              						_t31 = _t185 + 5; // 0x0
              						_t33 = _t185 + 1; // 0x0
              						if(E737F6D4C(0x737fd911,  *_t31 + _t185,  *_t33) != 0) {
              							_t34 = _t185 + 9; // 0x0
              							_t100 =  *_t34;
              							__eflags = _t100;
              							if(_t100 != 0) {
              								_t139 = SetFileAttributesA(0x737fd911, _t100);
              								__eflags = _t139 - 1;
              								if(_t139 == 1) {
              									LoadStringA( *0x737fd8a2, 0x2c, 0x7380fa45, 0x400);
              									E737F22C0(0x7380fa45);
              								}
              							}
              							__eflags =  *(_t185 + 0xd) & 0x00000002;
              							if(( *(_t185 + 0xd) & 0x00000002) != 0) {
              								LoadStringA( *0x737fd8a2, 0x2d, 0x7380fe45, 0x400);
              								E737F22C0(0x7380fe45);
              								__eflags =  *((char*)(0x737fd912)) - 0x3a;
              								if(__eflags == 0) {
              									lstrcpyA( &_v1033, 0x737fd911);
              									E737F226A(__eflags,  &_v1033);
              									SetCurrentDirectoryA( &_v1033);
              								}
              								_t42 = _t185 + 0x21; // 0x737fd932
              								_t179 = _t42;
              								__eflags =  *_t179;
              								if( *_t179 != 0) {
              									ExpandEnvironmentStringsA(_t179,  &_v2057, 0x400);
              									_t180 =  &_v2057;
              								} else {
              									_t180 = 0;
              								}
              								__eflags =  *(_t185 + 0xd) & 0x00000004;
              								if(( *(_t185 + 0xd) & 0x00000004) == 0) {
              									ShellExecuteA(0, "open", 0x737fd911, _t180, 0, 0xa);
              								} else {
              									_push(0x44);
              									_push( &_v3152);
              									L737F6B70();
              									_push(0x10);
              									_push( &_v3168);
              									L737F6B70();
              									lstrcpyA( &_v1033, "\"");
              									__eflags =  *((char*)(0x737fd912)) - 0x3a;
              									if( *((char*)(0x737fd912)) != 0x3a) {
              										GetCurrentDirectoryA(0x400,  &_v3081);
              										lstrcatA( &_v1033,  &_v3081);
              										lstrcatA( &_v1033, 0x737fd7c0);
              									}
              									lstrcatA( &_v1033, 0x737fd911);
              									lstrcatA( &_v1033, 0x737fd7c2);
              									lstrcatA( &_v1033, _t180);
              									CreateProcessA(0x737fd911,  &_v1033, 0, 0, 0, 0, 0, 0,  &_v3152,  &_v3168);
              									WaitForSingleObject(_v3168, 0xffffffff);
              								}
              								__eflags =  *(_t185 + 0xd) & 0x00000008;
              								if(( *(_t185 + 0xd) & 0x00000008) != 0) {
              									LoadStringA( *0x737fd8a2, 0x2e, 0x73810245, 0x400);
              									E737F22C0(0x73810245);
              									DeleteFileA(0x737fd911);
              								}
              							}
              							LoadStringA( *0x737fd8a2, 0x2f, 0x73810645, 0x400);
              							E737F22C0(0x73810645);
              							_v8 = 1;
              						} else {
              							if(GetFileAttributesA(0x737fd911) == 0xffffffff) {
              								LoadStringA( *0x737fd8a2, 0x2b, 0x7380f645, 0x400);
              								E737F22C0(0x7380f645);
              							}
              						}
              						L50:
              						_t200 = _v9;
              						if(_v9 != 0) {
              							E737F2368(_v8);
              						}
              						SetEnvironmentVariableA("dup2_last_file", 0x737fd911);
              						lstrcpyA( &_v1033, 0x737fd911);
              						E737F226A(_t200,  &_v1033);
              						SetEnvironmentVariableA("dup2_last_path",  &_v1033);
              						if(( *(_t185 + 0xd) & 0x00000020) != 0) {
              							E737F40FA();
              						}
              						return _v8;
              					}
              					if(( *(_t185 + 0xd) & 0x00000010) == 0) {
              						__eflags =  *0x737fe95c;
              						if( *0x737fe95c != 0) {
              							__eflags =  *0x737fe95e - 1;
              							if( *0x737fe95e != 1) {
              								_t151 = 7;
              							} else {
              								_t151 = 6;
              							}
              						} else {
              							LoadStringA( *0x737fd8a2, 0x29, 0x7380ea45, 0x400);
              							_t151 = MessageBoxA( *0x737fd8a6, 0x7380ea45, 0x737fd911, 0x24);
              						}
              						__eflags = _t151 - 6;
              						if(_t151 != 6) {
              							LoadStringA( *0x737fd8a2, 0x2b, 0x7380f245, 0x400);
              							E737F22C0(0x7380f245);
              							goto L50;
              						} else {
              							L25:
              							_v9 = 1;
              							E737F2313(0x737fd911);
              							SetFileAttributesA(0x737fd911, 0x80);
              							LoadStringA( *0x737fd8a2, 0x2a, 0x7380ee45, 0x400);
              							E737F22C0(0x7380ee45);
              							goto L27;
              						}
              					}
              					goto L25;
              				}
              			}

              APIs
              • ExpandEnvironmentStringsA.KERNEL32(?,?,00000400,00000001,?,00000000,?,737F636F,00000000,00000001,00000000,73810A45,00000400,00000184,00000000,00000000), ref: 737F5BD3
              • ExpandEnvironmentStringsA.KERNEL32(?,737FD911,00000400,?,?,00000400,00000001,?,00000000,?,737F636F,00000000,00000001,00000000,73810A45,00000400), ref: 737F5BE9
              • lstrcpyA.KERNEL32(737FD911,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001,?,00000000,?,737F636F,00000000), ref: 737F5C0D
              • GetModuleFileNameA.KERNEL32(00000000,?,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001,?,00000000), ref: 737F5C35
              • lstrcatA.KERNEL32(?,737FD7A9,00000000,?,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001), ref: 737F5C57
              • lstrcatA.KERNEL32(?,737FD911,00000000,?,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001), ref: 737F5C64
              • lstrcpyA.KERNEL32(737FD911,?,?,737FD911,00000000,?,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400), ref: 737F5C71
              • LoadStringA.USER32 ref: 737F5C88
              • lstrcpyA.KERNEL32(?,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001), ref: 737F5CBC
              • GetFileAttributesA.KERNEL32(737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001,?,00000000), ref: 737F5CFD
              • LoadStringA.USER32 ref: 737F5D31
              • MessageBoxA.USER32 ref: 737F5D44
              • SetFileAttributesA.KERNEL32(737FD911,00000080,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001), ref: 737F5D75
              • LoadStringA.USER32 ref: 737F5D8C
                • Part of subcall function 737F40CF: GetModuleHandleA.KERNEL32(kernel32.dll,737F4F4B), ref: 737F40D4
                • Part of subcall function 737F40CF: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 737F40DF
              • LoadStringA.USER32 ref: 737F5DAF
              • lstrcpyA.KERNEL32(?,737FD911,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001), ref: 737F5DD7
              • GetFileAttributesA.KERNEL32(737FD911,737FD911,00000000,00000000,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?), ref: 737F5E09
              • LoadStringA.USER32 ref: 737F5E29
              • SetFileAttributesA.KERNEL32(737FD911,00000000,737FD911,00000000,00000000,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?), ref: 737F5E46
              • LoadStringA.USER32 ref: 737F5E62
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • LoadStringA.USER32 ref: 737F5E90
              • lstrcpyA.KERNEL32(?,737FD911,0000002D,7380FE45,00000400,737FD911,00000000,00000000,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?), ref: 737F5EAD
              • SetCurrentDirectoryA.KERNEL32(?,?,737FD911,0000002D,7380FE45,00000400,737FD911,00000000,00000000,737FD911,00000005,7380E645,00000400,00000000,737FD911,?), ref: 737F5EC5
              • ExpandEnvironmentStringsA.KERNEL32(737FD932,?,00000400,0000002D,7380FE45,00000400,737FD911,00000000,00000000,737FD911,00000005,7380E645,00000400,00000000,737FD911,?), ref: 737F5EE3
              • RtlZeroMemory.KERNEL32(?,00000044,737FD932,?,00000400,0000002D,7380FE45,00000400,737FD911,00000000,00000000,737FD911,00000005,7380E645,00000400,00000000), ref: 737F5F04
              • RtlZeroMemory.KERNEL32(?,00000010,?,00000044,737FD932,?,00000400,0000002D,7380FE45,00000400,737FD911,00000000,00000000,737FD911,00000005,7380E645), ref: 737F5F12
              • lstrcpyA.KERNEL32(?,737FD7BC,?,00000010,?,00000044,737FD932,?,00000400,0000002D,7380FE45,00000400,737FD911,00000000,00000000,737FD911), ref: 737F5F23
              • GetCurrentDirectoryA.KERNEL32(00000400,?,?,737FD7BC,?,00000010,?,00000044,737FD932,?,00000400,0000002D,7380FE45,00000400,737FD911,00000000), ref: 737F5F3A
              • lstrcatA.KERNEL32(?,?,00000400,?,?,737FD7BC,?,00000010,?,00000044,737FD932,?,00000400,0000002D,7380FE45,00000400), ref: 737F5F4D
              • lstrcatA.KERNEL32(?,737FD7C0,?,?,00000400,?,?,737FD7BC,?,00000010,?,00000044,737FD932,?,00000400,0000002D), ref: 737F5F5E
              • lstrcatA.KERNEL32(?,737FD911,?,737FD7BC,?,00000010,?,00000044,737FD932,?,00000400,0000002D,7380FE45,00000400,737FD911,00000000), ref: 737F5F6B
              • lstrcatA.KERNEL32(?,737FD7C2,?,737FD911,?,737FD7BC,?,00000010,?,00000044,737FD932,?,00000400,0000002D,7380FE45,00000400), ref: 737F5F7C
              • lstrcatA.KERNEL32(?,?,?,737FD7C2,?,737FD911,?,737FD7BC,?,00000010,?,00000044,737FD932,?,00000400,0000002D), ref: 737F5F89
              • CreateProcessA.KERNEL32(737FD911,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,737FD7C2,?,737FD911), ref: 737F5FB0
              • WaitForSingleObject.KERNEL32(?,000000FF,737FD911,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,737FD7C2), ref: 737F5FBD
              • ShellExecuteA.SHELL32(00000000,open,737FD911,?,00000000,0000000A), ref: 737F5FD1
              • LoadStringA.USER32 ref: 737F5FF1
              • DeleteFileA.KERNEL32(737FD911,0000002E,73810245,00000400,00000000,open,737FD911,?,00000000,0000000A,737FD932,?,00000400,0000002D,7380FE45,00000400), ref: 737F6001
              • LoadStringA.USER32 ref: 737F6018
              • SetEnvironmentVariableA.KERNEL32(dup2_last_file,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400,00000001), ref: 737F6042
              • lstrcpyA.KERNEL32(?,737FD911,dup2_last_file,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?,?,00000400), ref: 737F604F
              • SetEnvironmentVariableA.KERNEL32(dup2_last_path,?,?,737FD911,dup2_last_file,737FD911,00000005,7380E645,00000400,00000000,737FD911,?,?,737FD911,00000400,?), ref: 737F606C
                • Part of subcall function 737F6EA0: lstrlenA.KERNEL32(?), ref: 737F6EAA
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: LoadString$lstrcatlstrcpy$File$Environment$AttributesMessage$ExpandSendStrings$CurrentDirectoryMemoryModuleVariableZero$AddressCreateDeleteExecuteHandleNameObjectProcProcessShellSingleWaitlstrlen
              • String ID: All Files$dup2_last_file$dup2_last_path$open
              • API String ID: 3369982232-2561620864
              • Opcode ID: 77e04adde24c86da662c1aba5cbd28107c9567f99a265187654047258089e881
              • Instruction ID: 619f6127256e29a689a38503485adaee810e45041ec65c60e7dd19329959a430
              • Opcode Fuzzy Hash: 77e04adde24c86da662c1aba5cbd28107c9567f99a265187654047258089e881
              • Instruction Fuzzy Hash: 5CC1E0B6A0070B7FEB21DBA0CE88F8A33BDBB00314F118195A355BB2D0D77496479E25
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              [Figure: control-flow graph of function 737F2463, nodes marked as executed or not executed]
              C-Code - Quality: 95%
              			E737F2463(CHAR* _a4, signed int _a8, signed int _a12) {
              				char _v1028;
              				char _v2052;
              				char _v3076;
              				signed int _v3080;
              				long _t48;
              				signed int _t52;
              				void* _t53;
              				long _t55;
              				void* _t56;
              				void* _t57;
              				void* _t58;
              				signed int _t59;
              				int _t76;
              				void* _t77;
              				short* _t80;
              				void* _t82;
              				void* _t84;
              				long _t92;
              				CHAR* _t113;
              				CHAR* _t114;
              				void* _t116;
              				void* _t132;
              
              				asm("pushad");
              				_v3080 = 0;
              				 *0x737fe52e = 0;
              				ExpandEnvironmentStringsA(_a4,  &_v3076, 0x400);
              				_t48 = ExpandEnvironmentStringsA( &_v3076, 0x737fd911, 0x400);
              				while( *0x737fd911 != 0) {
              					asm("lodsb");
              					__eflags = _t48 - 0x25;
              					if(__eflags != 0) {
              						continue;
              					} else {
              						lstrcpyA(0x737fd911, E737F6EA0(0x737fd911));
              						break;
              					}
              				}
              				if( *0x737FD912 != 0x3a) {
              					_t119 =  *0x737fe95f;
              					if( *0x737fe95f != 0) {
              						lstrcpyA( &_v3076, 0x737fe95f);
              					} else {
              						GetModuleFileNameA(0,  &_v3076, 0x400);
              						E737F226A(_t119,  &_v3076);
              					}
              					if( *0x737fd911 != 0x5c) {
              						lstrcatA( &_v3076, 0x737fd11a);
              					}
              					lstrcatA( &_v3076, 0x737fd911);
              					lstrcpyA(0x737fd911,  &_v3076);
              				}
              				while(1) {
              					LoadStringA( *0x737fd8a2, 0x13, 0x7380323d, 0x400);
              					E737F22C0(0x7380323d);
              					E737F22C0(0x737fd911);
              					_t52 = GetFileAttributesA(0x737fd911);
              					 *0x737fe511 = _t52;
              					if(_t52 != 0xffffffff) {
              						if((_a12 & 0x80000000) == 0) {
              							__eflags = _t52 & 0x00000001;
              							if((_t52 & 0x00000001) != 0) {
              								_t92 = _t52 ^ 0x00000001;
              								__eflags = _t92;
              								SetFileAttributesA(0x737fd911, _t92);
              								E737F22C0("Removing readonly file attribute");
              							}
              							E737F2313(0x737fd911);
              						}
              					}
              					if((_a12 & 0x80000000) == 0) {
              						_t53 = CreateFileA(0x737fd911, 0xc0000000, 2, 0, 3, 0x82, 0);
              					} else {
              						_t53 = CreateFileA(0x737fd911, 0x80000000, 1, 0, 3, 0x82, 0);
              					}
              					if(_t53 != 0xffffffff) {
              						break;
              					}
              					if(GetFileAttributesA(0x737fd911) != 0xffffffff) {
              						__eflags = _a12 & 0x00000002;
              						if((_a12 & 0x00000002) == 0) {
              							LoadStringA( *0x737fd8a2, 0x12, 0x73803e3d, 0x400);
              							_t76 = MessageBoxA( *0x737fd8a6, 0x73803e3d, 0x737fd911, 0x34);
              							__eflags = _t76 - 6;
              							if(_t76 != 6) {
              								L40:
              								L56:
              								__eflags = _v3080;
              								if(_v3080 == 0) {
              									E737F22C0("File not loaded");
              								}
              								asm("popad");
              								return _v3080;
              							}
              							continue;
              						}
              						__eflags =  *0x737fe52e;
              						if( *0x737fe52e != 0) {
              							goto L40;
              						}
              						_t77 = E737F2411(0x737fd911);
              						__eflags = _t77 - 1;
              						if(_t77 != 1) {
              							goto L40;
              						}
              						 *0x737fe52e = 1;
              						LoadStringA( *0x737fd8a2, 0x11, 0x73803a3d, 0x400);
              						E737F22C0(0x73803a3d);
              						continue;
              					}
              					if( *0x737fe95c != 0) {
              						goto L40;
              					}
              					_t80 = E737F6EA0(0x737fd911);
              					if( *_t80 == 0x2e2a ||  *_t80 == 0) {
              						L26:
              						_t113 =  &_v1028;
              						_t111 = 0x737fd911;
              						if( *((char*)(0x737fd912)) == 0x3a) {
              							_t111 = E737F6EA0(0x737fd911);
              						}
              						lstrcpyA(_t113, _t111);
              						_t82 = E737F6C90(_t113);
              						if(_t82 > 0) {
              							_t82 = _t82 + 1;
              							_t132 = _t82;
              						}
              						_t114 =  &(_t113[_t82]);
              						lstrcpyA(_t114, _t111);
              						_t84 = _t82;
              						RtlMoveMemory( &(_t114[_t84]), "Exe Files [*.exe]", 0x2e);
              						_t116 = _t113;
              						_t109 =  &_v2052;
              						lstrcpyA( &_v2052, 0x737fd911);
              						E737F226A(_t132, _t109);
              						if(E737F6E30(0x737fd911, _t116, _t109,  *0x737fd8a6) != 1) {
              							goto L32;
              						} else {
              							continue;
              						}
              					} else {
              						LoadStringA( *0x737fd8a2, 0x10, 0x7380363d, 0x400);
              						if(MessageBoxA( *0x737fd8a6, 0x7380363d, 0x737fd911, 0x34) != 6) {
              							L32:
              							goto L40;
              						}
              						goto L26;
              					}
              				}
              				 *0x737fe515 = _t53;
              				GetFileTime( *0x737fe515, 0x737ff181, 0x737ff189, 0x737ff191);
              				_t55 = GetFileSize( *0x737fe515, 0x737fe51d);
              				 *0x737fe519 = _t55;
              				__eflags = _a8;
              				if(_a8 == 0) {
              					_a8 = _t55;
              				}
              				__eflags = _a12 & 0x00000004;
              				if((_a12 & 0x00000004) != 0) {
              					_t72 = _t55 + 0x278 +  *0x737fd880;
              					__eflags = _t55 + 0x278 +  *0x737fd880;
              					_a8 = E737F6EE0(_t72, 0x100);
              				}
              				_push(_a8);
              				_pop( *0x737fe529);
              				__eflags = _a12 & 0x80000000;
              				if((_a12 & 0x80000000) == 0) {
              					_t56 = CreateFileMappingA( *0x737fe515, 0, 4, 0, 0, 0);
              				} else {
              					_t56 = CreateFileMappingA( *0x737fe515, 0, 2, 0, 0, 0);
              				}
              				_t57 = _t56;
              				__eflags = _t57;
              				if(_t57 != 0) {
              					 *0x737fe525 = _t57;
              					__eflags = _a12 & 0x80000000;
              					if((_a12 & 0x80000000) == 0) {
              						_t58 = MapViewOfFile(_t57, 2, 0, 0, 0);
              					} else {
              						_t58 = MapViewOfFile(_t57, 4, 0, 0, 0);
              					}
              					_t59 = _t58;
              					__eflags = _t59;
              					if(__eflags != 0) {
              						 *0x737fe521 = _t59;
              						_v3080 = _t59;
              						SetEnvironmentVariableA("dup2_last_file", 0x737fd911);
              						lstrcpyA( &_v3076, 0x737fd911);
              						E737F226A(__eflags,  &_v3076);
              						SetEnvironmentVariableA("dup2_last_path",  &_v3076);
              						goto L56;
              					} else {
              						goto L49;
              					}
              				} else {
              					L49:
              					LoadStringA( *0x737fd8a2, 0x14, 0x7380423d, 0x400);
              					E737F22C0(0x7380423d);
              					goto L56;
              				}
              			}

              APIs
              • ExpandEnvironmentStringsA.KERNEL32(?,?,00000400), ref: 737F248D
              • ExpandEnvironmentStringsA.KERNEL32(?,737FD911,00000400,?,?,00000400), ref: 737F24A3
              • lstrcpyA.KERNEL32(737FD911,00000000,737FD911,?,737FD911,00000400,?,?,00000400), ref: 737F24C4
              • GetModuleFileNameA.KERNEL32(00000000,?,00000400,737FD911,00000000,737FD911,?,737FD911,00000400,?,?,00000400), ref: 737F24F2
              • lstrcpyA.KERNEL32(?,737FE95F,737FD911,00000000,737FD911,?,737FD911,00000400,?,?,00000400), ref: 737F2511
              • lstrcatA.KERNEL32(?,737FD11A,?,737FE95F,737FD911,00000000,737FD911,?,737FD911,00000400,?,?,00000400), ref: 737F2527
              • lstrcatA.KERNEL32(?,737FD911,?,737FE95F,737FD911,00000000,737FD911,?,737FD911,00000400,?,?,00000400), ref: 737F2534
              • lstrcpyA.KERNEL32(737FD911,?,?,737FD911,?,737FE95F,737FD911,00000000,737FD911,?,737FD911,00000400,?,?,00000400), ref: 737F2541
              • LoadStringA.USER32 ref: 737F2558
              • GetFileAttributesA.KERNEL32(737FD911,00000013,7380323D,00000400,737FD911,00000000,737FD911,?,737FD911,00000400,?,?,00000400), ref: 737F2576
              • SetFileAttributesA.KERNEL32(737FD911,00000000,737FD911,00000013,7380323D,00000400,73803E3D,737FD911,00000034,00000012,73803E3D,00000400,737FD911,737FD911,C0000000,00000002), ref: 737F25A0
              • CreateFileA.KERNEL32(737FD911,80000000,00000001,00000000,00000003,00000082,00000000,737FD911,00000013,7380323D,00000400,73803E3D,737FD911,00000034,00000012,73803E3D), ref: 737F25D9
              • CreateFileA.KERNEL32(737FD911,C0000000,00000002,00000000,00000003,00000082,00000000,737FD911,00000013,7380323D,00000400,737FD911,00000000,737FD911,?,737FD911), ref: 737F25F7
              • GetFileAttributesA.KERNEL32(737FD911,737FD911,C0000000,00000002,00000000,00000003,00000082,00000000,737FD911,00000013,7380323D,00000400,737FD911,00000000,737FD911,?), ref: 737F260A
              • LoadStringA.USER32 ref: 737F264E
              • MessageBoxA.USER32 ref: 737F2665
              • lstrcpyA.KERNEL32(?,737FD911,737FD911,737FD911,737FD911,80000000,00000001,00000000,00000003,00000082,00000000,737FD911,00000013,7380323D,00000400,73803E3D), ref: 737F268A
              • lstrcpyA.KERNEL32(?,737FD911,00000000,?,?,?,737FD911,737FD911,737FD911,737FD911,80000000,00000001,00000000,00000003,00000082,00000000), ref: 737F26A1
              • RtlMoveMemory.KERNEL32(?,Exe Files [*.exe],0000002E,737FD911,00000000,?,?,?,737FD911,737FD911,737FD911,737FD911,80000000,00000001,00000000,00000003), ref: 737F26B1
              • lstrcpyA.KERNEL32(?,737FD911,Exe Files [*.exe],0000002E,737FD911,00000000,?,?,?,737FD911,737FD911,737FD911,737FD911,80000000,00000001,00000000), ref: 737F26C3
              • LoadStringA.USER32 ref: 737F2729
              • LoadStringA.USER32 ref: 737F2751
              • MessageBoxA.USER32 ref: 737F2768
              • GetFileTime.KERNEL32(737FF181,737FF189,737FF191,737FD911,C0000000,00000002,00000000,00000003,00000082,00000000,737FD911,00000013,7380323D,00000400,737FD911,00000000), ref: 737F2796
              • GetFileSize.KERNEL32(737FE51D,737FF181,737FF189,737FF191,737FD911,C0000000,00000002,00000000,00000003,00000082,00000000,737FD911,00000013,7380323D,00000400,737FD911), ref: 737F27A6
              • CreateFileMappingA.KERNEL32 ref: 737F27FD
              • CreateFileMappingA.KERNEL32 ref: 737F2814
              • LoadStringA.USER32 ref: 737F282F
              • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,737FE51D,737FF181,737FF189,737FF191,737FD911), ref: 737F2857
              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,737FE51D,737FF181,737FF189,737FF191,737FD911), ref: 737F2867
              • SetEnvironmentVariableA.KERNEL32(dup2_last_file,737FD911,00000000,00000002,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,737FE51D,737FF181,737FF189), ref: 737F2887
              • lstrcpyA.KERNEL32(?,737FD911,dup2_last_file,737FD911,00000000,00000002,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,737FE51D), ref: 737F2898
              • SetEnvironmentVariableA.KERNEL32(dup2_last_path,?,?,737FD911,dup2_last_file,737FD911,00000000,00000002,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000), ref: 737F28B5
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: File$lstrcpy$LoadString$CreateEnvironment$Attributes$ExpandMappingMessageStringsVariableViewlstrcat$MemoryModuleMoveNameSizeTime
              • String ID: Exe Files [*.exe]$File not loaded$Removing readonly file attribute$dup2_last_file$dup2_last_path
              • API String ID: 3117120910-276086001
              • Opcode ID: 4d23d53ae2c5be4fa33faa49fec735aab27180a427d21b281f75eaaffdab5c74
              • Instruction ID: 4e9b182f3e85245e9092af07eb432323d3cad63b9f7955b97b1b3eeafe7dc48f
              • Opcode Fuzzy Hash: 4d23d53ae2c5be4fa33faa49fec735aab27180a427d21b281f75eaaffdab5c74
              • Instruction Fuzzy Hash: 22A1167664030FBEFB21ABA0CE85F592769FB00320F208255FA517B3D6DBB45643AE15
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E737F1BCC(struct HWND__** _a4) {
              				struct HDC__* _v8;
              				struct HDC__* _v12;
              				struct HDC__* _v16;
              				int _v20;
              				int _v24;
              				intOrPtr _v28;
              				intOrPtr _v32;
              				struct tagBITMAPINFO _v76;
              				void* _v80;
              				void* _v84;
              				struct tagSIZE _v92;
              				struct HWND__* _t70;
              				long _t71;
              				void* _t77;
              				int _t80;
              				signed int _t104;
              				int _t107;
              				BITMAPINFO* _t108;
              				intOrPtr* _t110;
              				struct HWND__** _t111;
              
              				_t111 = _a4;
              				_t70 = _t111[7];
              				if(_t70 >= 0x1f4) {
              					_t71 = _t70 + 0x96;
              				} else {
              					_t71 = 0x1f4;
              				}
              				Sleep(_t71);
              				_v24 = lstrlenA(_t111[1]);
              				_v8 = GetDC( *_t111);
              				_v16 = CreateCompatibleDC(GetDC(0));
              				_t77 = _t111[5];
              				if(_t77 == 0) {
              					_t77 = SendMessageA( *_t111, 0x31, 0, 0);
              				}
              				SelectObject(_v16, _t77);
              				_t80 = GetTextExtentPointA(_v16, _t111[1], _v24,  &_v92);
              				if(_t80 != 1) {
              					return _t80;
              				}
              				_push(_v92.cy);
              				_pop( *_t14);
              				 *_t16 = _v92.cx;
              				SelectObject(_v16, CreateCompatibleBitmap(_v8, _t111[4], _v20));
              				_t108 =  &_v76;
              				_push(0x2c);
              				_push(_t108);
              				L737F6B70();
              				_t108->bmiHeader = 0x28;
              				_push(_t111[4]);
              				_pop( *_t23);
              				_push(_v20);
              				_pop( *_t25);
              				_t108->bmiHeader.biPlanes = 1;
              				_t108->bmiHeader.biBitCount = 0x20;
              				_t108->bmiHeader.biCompression = 0;
              				SelectObject(_v16, CreateDIBSection(_v16, _t108, 0,  &_v84, 0, 0));
              				_v12 = CreateCompatibleDC(GetDC(0));
              				SelectObject(_v12, CreateDIBSection(_v12,  &_v76, 0,  &_v80, 0, 0));
              				BitBlt(_v12, 0, 0, _t111[4], _v20, _v8, _t111[2], _t111[3], 0xcc0020);
              				SetBkMode(_v16, 1);
              				SetTextColor(_v16, _t111[6]);
              				_t110 = GetProcAddress(GetModuleHandleA("user32.dll"), "SetLayeredWindowAttributes");
              				_v32 = 0 - _v28 - 8;
              				_t107 = _t111[4] + 4;
              				L7:
              				if(_t111[8] == 0) {
              					BitBlt(_v16, 0, 0, _t111[4], _v20, _v12, 0, 0, 0xcc0020);
              					TextOutA(_v16, _t107, 0, _t111[1], _v24);
              					E737F1DF0(_v84, _v80, _v20, _t111[4]);
              					BitBlt(_v8, _t111[2], _t111[3], _t111[4], _v20, _v16, 0, 0, 0xcc0020);
              					_t107 = _t107 - 1;
              					if(_t107 == _v32) {
              						_t107 = _t111[4];
              					}
              					_t110 = _t110;
              					if(_t110 != 0) {
              						_t104 = _t111[7] & 0x000000ff;
              						if(_t104 != 0 && _t104 != 0xff) {
              							 *_t110( *_t111, 0, _t104, 2);
              						}
              					}
              				}
              				Sleep(0x1e);
              				goto L7;
              			}

              APIs
              • Sleep.KERNEL32(?), ref: 737F1BEC
              • lstrlenA.KERNEL32(?,?), ref: 737F1BF4
              • GetDC.USER32(?), ref: 737F1BFE
              • GetDC.USER32(00000000), ref: 737F1C08
              • CreateCompatibleDC.GDI32(00000000), ref: 737F1C0E
              • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 737F1C25
              • SelectObject.GDI32(?,?), ref: 737F1C2E
              • GetTextExtentPointA.GDI32(?,?,?,?), ref: 737F1C40
              • CreateCompatibleBitmap.GDI32(?,00000000,00000000), ref: 737F1C63
              • SelectObject.GDI32(?,00000000), ref: 737F1C6C
              • RtlZeroMemory.KERNEL32(?,0000002C,?,00000000,?,?,00000000,?,?), ref: 737F1C77
              • CreateDIBSection.GDI32(?,?,00000000,?,00000000,00000000), ref: 737F1CAF
              • SelectObject.GDI32(?,00000000), ref: 737F1CB8
              • GetDC.USER32(00000000), ref: 737F1CBF
              • CreateCompatibleDC.GDI32(00000000), ref: 737F1CC5
              • CreateDIBSection.GDI32(?,?,00000000,?,00000000,00000000), ref: 737F1CDE
              • SelectObject.GDI32(?,00000000), ref: 737F1CE7
              • BitBlt.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00CC0020), ref: 737F1D07
              • SetBkMode.GDI32(?,00000001), ref: 737F1D11
              • SetTextColor.GDI32(?,00000000), ref: 737F1D1C
              • GetModuleHandleA.KERNEL32(user32.dll,?,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?), ref: 737F1D26
              • GetProcAddress.KERNEL32(00000000,SetLayeredWindowAttributes), ref: 737F1D31
              • BitBlt.GDI32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00CC0020), ref: 737F1D6C
              • TextOutA.GDI32(?,-00000004,00000000,?,?), ref: 737F1D7D
              • BitBlt.GDI32(?,?,?,00000000,00000000,?,00000000,00000000,00CC0020), ref: 737F1DAE
              • Sleep.KERNEL32(0000001E,user32.dll,?,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 737F1DD7
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Create$ObjectSelect$CompatibleText$SectionSleep$AddressBitmapColorExtentHandleMemoryMessageModeModulePointProcSendZerolstrlen
              • String ID: SetLayeredWindowAttributes$user32.dll
              • API String ID: 17561160-3673630139
              • Opcode ID: 8d079120382b5bfea924b0c76e7fcaeeff072a2126bb26c4d006d02b65baf4b1
              • Instruction ID: 3f16dcbc267f061ca6e0ad7f6de0e80012640636d1d86849585cee108bcbb6e6
              • Opcode Fuzzy Hash: 8d079120382b5bfea924b0c76e7fcaeeff072a2126bb26c4d006d02b65baf4b1
              • Instruction Fuzzy Hash: 6551BA7194070ABBEF229FE0CE05F9EBBB6FF04700F148514A661766A0D7726562EB14
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 88%
              			E737F498E(intOrPtr _a4) {
              				long _v8;
              				signed char _v9;
              				char* _v16;
              				void* _v20;
              				WCHAR* _v24;
              				long _v28;
              				int _v32;
              				int _v36;
              				signed int _v40;
              				signed int _v44;
              				CHAR* _v48;
              				long _v52;
              				intOrPtr _v56;
              				int _v60;
              				int _v64;
              				long _v68;
              				long _v72;
              				void* _v1096;
              				char _v1100;
              				char _v1220;
              				signed int _t174;
              				void* _t175;
              				void* _t177;
              				int _t182;
              				long _t184;
              				CHAR* _t192;
              				void* _t197;
              				short* _t233;
              				short* _t234;
              				long _t236;
              				long _t237;
              				intOrPtr _t238;
              				intOrPtr _t239;
              				void* _t243;
              				void* _t244;
              				void* _t245;
              				intOrPtr _t246;
              				intOrPtr* _t247;
              				CHAR* _t248;
              				long _t250;
              				void* _t251;
              
              				_v8 = 0;
              				_v9 = 1;
              				_t246 = _a4;
              				LoadStringA( *0x737fd8a2, 6, 0x73809e3d, 0x400);
              				E737F22C0(0x73809e3d);
              				 *_t5 =  *(_t246 + 0x401);
              				if(( *(_t246 + 0x401) & 0x00000008) != 0) {
              					E737F40CF();
              				}
              				if(E737F2463(_t246 + 1, 0,  *(_t246 + 0x401)) != 0) {
              					if( *0x737fe519 >= 0x100000) {
              						_t174 =  *0x737fe519 << 1;
              					} else {
              						_t174 = 0x100000;
              					}
              					_v72 = _t174;
              					_t175 = VirtualAlloc(0, _v72, 0x1000, 4);
              					_v16 = _t175;
              					_v24 = _t175;
              					_v20 = VirtualAlloc(0, _v72, 0x1000, 4);
              					_t177 =  *0x737fe521;
              					if( *_t177 != 0xfeff) {
              						RtlMoveMemory(_v16,  *0x737fe521,  *0x737fe519);
              						_v68 = 0;
              					} else {
              						WideCharToMultiByte(0, 0, _t177 + 2,  *0x737fe519 - 2 >> 1, _v16, _v72, 0, 0);
              						LoadStringA( *0x737fd8a2, 0x18, 0x7380a23d, 0x400);
              						E737F22C0(0x7380a23d);
              						_v68 = 1;
              					}
              					_t247 = _t246 + 0x408;
              					while( *((intOrPtr*)(_t247 + 4)) != 0) {
              						 *_t23 =  *_t247;
              						_t248 = _t247 + 8;
              						_v48 = _t248;
              						 *_t26 =  *((intOrPtr*)(_t248 - 4));
              						_t250 = _t248 +  *((intOrPtr*)(_t248 - 4)) + 5;
              						_v52 = _t250;
              						_v56 = _t250;
              						 *_t31 =  *((intOrPtr*)(_t250 - 4));
              						_v28 = E737F6C90(_v24);
              						_t251 = _v16;
              						_t243 = _v20;
              						_push(_v72);
              						_push(_t243);
              						L737F6B70();
              						_push(_v52);
              						if((_v40 & 0x00000080) != 0) {
              							ExpandEnvironmentStringsA(_v48, 0x737ff199, 0x1000);
              							_v60 = E737F6C90(0x737ff199);
              							 *_t43 = 0x737ff199;
              						}
              						if((_v40 & 0x00000100) != 0) {
              							ExpandEnvironmentStringsA(_v52, 0x73800199, 0x1000);
              							_v64 = E737F6C90(0x73800199);
              							 *_t49 = 0x73800199;
              						}
              						while(_v28 != 0) {
              							_t182 = E737F3E20(_v48, _t251, _v40,  &_v60,  &_v1220,  &_v1100);
              							_v36 = _t182;
              							if(_v36 >= 0 && (_v40 & 0x00000002) != 0) {
              								_v32 = _t182;
              								if(_t251 != _v24 && E737F7300(_t251 - 1, " <>[]|$^!%&/\\(){}=?`*+-\'#.:;,@~\"\r\n\t") == 0) {
              									_v32 = 0xffffffff;
              								}
              								if(E737F7300(_t251 + _v60, " <>[]|$^!%&/\\(){}=?`*+-\'#.:;,@~\"\r\n\t") == 0) {
              									_v32 = 0xffffffff;
              								}
              							}
              							if(_v36 < 0) {
              								if((_v40 & 0x00001000) == 0) {
              									asm("movsb");
              									_v28 = _v28 - 1;
              									continue;
              								}
              								_t236 = _v28;
              								while(1) {
              									_t237 = _t236;
              									if(_t237 == 0) {
              										break;
              									}
              									asm("movsb");
              									_t236 = _t237 - 1;
              								}
              								_v28 = 0;
              							} else {
              								if((_v40 & 0x00001000) != 0) {
              									E737F3DA0( &_v1220, _v56, 0x73801199, _v36,  &_v1220, _t251);
              									 *_t73 = 0x73801199;
              									_v64 = E737F6C90(_v52);
              								}
              								if((_v40 & 0x00000040) != 0 &&  *0x7380e63d !=  &_v1096) {
              									_push(_v52);
              									_pop( *0x7380e63d);
              									if(DialogBoxParamA( *0x737fd8a2, 3,  *0x737fd8a6, E737F58B0,  &_v1096) != 0) {
              										_v64 = E737F6C90( &_v1096);
              										_v52 =  &_v1096;
              									}
              								}
              								_t238 = _v1100;
              								while(1) {
              									_t239 = _t238;
              									if(_t239 == 0) {
              										break;
              									}
              									asm("movsb");
              									_t238 = _t239 - 1;
              								}
              								if((_v40 & 0x00000008) == 0) {
              									if((_v40 & 0x00000004) == 0) {
              										if((_v40 & 0x00000010) == 0) {
              											if((_v40 & 0x00000020) != 0) {
              												RtlMoveMemory(_t243, _v52, _v64);
              												_t244 = _t243 + _v64;
              												RtlMoveMemory(_t244, _t251, _v60);
              												_t243 = _t244 + _v60;
              												_t251 = _t251 + _v60;
              											}
              										} else {
              											RtlMoveMemory(_t243, _t251, _v60);
              											_t245 = _t243 + _v60;
              											_t251 = _t251 + _v60;
              											RtlMoveMemory(_t245, _v52, _v64);
              											_t243 = _t245 + _v64;
              										}
              									} else {
              										RtlMoveMemory(_t243, _v52, _v64);
              										_t243 = _t243 + _v64;
              										_t251 = _t251 + _v60;
              									}
              								} else {
              									_t251 = _t251 + _v60;
              								}
              								if( *_t251 == 0) {
              									_v28 = 0;
              								} else {
              									_v28 = _v28 - _v60;
              								}
              								_v8 = 1;
              							}
              						}
              						_pop( *_t129);
              						_push(_v16);
              						_push(_v20);
              						_pop( *_t132);
              						_pop( *_t133);
              						_push(_v16);
              						_pop( *_t135);
              						_t247 = _v52 +  *((intOrPtr*)(_v52 - 4)) + 1;
              					}
              					E737F28D8(_v8, 0);
              					_t184 =  *0x737fe511;
              					if((_t184 & 0x00000001) != 0) {
              						_t184 = _t184 - 1;
              					}
              					SetFileAttributesA(0x737fd911, _t184);
              					if(_v68 != 1) {
              						 *0x737fe529 = E737F6C90(_v24);
              					} else {
              						if(_v16 != _v24) {
              							_t233 = _v16;
              						} else {
              							_t233 = _v20;
              						}
              						 *_t233 = 0xfeff;
              						_t234 = _t233 + 2;
              						MultiByteToWideChar(0, 0, _v24, 0xffffffff, _t234, _v72);
              						_v24 = _t234 - 2;
              						 *0x737fe529 = lstrlenW(_v24) << 1;
              					}
              					if(E737F6D4C(0x737fd911, _v24,  *0x737fe529) != 0) {
              						if((_v44 & 0x00000010) != 0) {
              							_t197 = CreateFileA(0x737fd911, 0xc0000000, 0, 0, 3, 0x82, 0);
              							 *0x737fe515 = _t197;
              							if(_t197 != 0xffffffff) {
              								SetFileTime( *0x737fe515, 0x737ff181, 0x737ff189, 0x737ff191);
              								CloseHandle( *0x737fe515);
              							}
              						}
              					} else {
              						_v9 = 0;
              					}
              					VirtualFree(_v16, _v72, 0x4000);
              					VirtualFree(_v20, _v72, 0x4000);
              					goto L69;
              				} else {
              					_v9 = 0;
              					L69:
              					if(_v8 != 0) {
              						LoadStringA( *0x737fd8a2, 0xb, 0x7380aa3d, 0x400);
              						_t192 = 0x7380aa3d;
              					} else {
              						LoadStringA( *0x737fd8a2, 0xa, 0x7380a63d, 0x400);
              						_t192 = 0x7380a63d;
              						_v9 = 0;
              					}
              					E737F22C0(_t192);
              					if(( *(_a4 + 0x401) & 0x00000008) != 0) {
              						E737F40FA();
              					}
              					return _v9 & 0x000000ff;
              				}
              			}

              APIs
              • LoadStringA.USER32 ref: 737F49BA
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • LoadStringA.USER32 ref: 737F4E95
                • Part of subcall function 737F40CF: GetModuleHandleA.KERNEL32(kernel32.dll,737F4F4B), ref: 737F40D4
                • Part of subcall function 737F40CF: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 737F40DF
              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 737F4A2A
              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,00000000,?,00001000,00000004), ref: 737F4A41
              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00001000,00000004,00000000,?,00001000,00000004), ref: 737F4A73
              • LoadStringA.USER32 ref: 737F4A8A
              • RtlMoveMemory.KERNEL32(?,00000000,?,00001000,00000004,00000000,?,00001000,00000004), ref: 737F4AB1
              • RtlZeroMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00001000,00000004,00000000,?,00001000,00000004), ref: 737F4B00
              • ExpandEnvironmentStringsA.KERNEL32(?,737FF199,00001000,?,?,?,?,?,00000000,?,?,00000000,?,00001000,00000004,00000000), ref: 737F4B1E
              • ExpandEnvironmentStringsA.KERNEL32(?,73800199,00001000,?,?,?,?,?,00000000,?,?,00000000,?,00001000,00000004,00000000), ref: 737F4B4E
              • DialogBoxParamA.USER32 ref: 737F4C54
              • RtlMoveMemory.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 737F4CA3
              • RtlMoveMemory.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 737F4CBE
              • RtlMoveMemory.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 737F4CD0
              • RtlMoveMemory.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 737F4CEA
              • RtlMoveMemory.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 737F4CF7
              • SetFileAttributesA.KERNEL32(737FD911,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 737F4D93
              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,737FD911,?,?,?,?,?,?,?,?,?), ref: 737F4DC3
              • lstrlenW.KERNEL32(?,00000000,00000000,?,000000FF,?,?,737FD911,?,?,?,?,?,?,?,?), ref: 737F4DD1
              • CreateFileA.KERNEL32(737FD911,C0000000,00000000,00000000,00000003,00000082,00000000,737FD911,?,?,737FD911,?,?,?,?,?), ref: 737F4E29
              • SetFileTime.KERNEL32(737FF181,737FF189,737FF191,737FD911,C0000000,00000000,00000000,00000003,00000082,00000000,737FD911,?,?,737FD911,?,?), ref: 737F4E4D
              • CloseHandle.KERNEL32(737FF181,737FF189,737FF191,737FD911,C0000000,00000000,00000000,00000003,00000082,00000000,737FD911,?,?,737FD911,?,?), ref: 737F4E58
              • VirtualFree.KERNEL32(?,?,00004000,737FD911,?,?,737FD911,?,?,?,?,?,?,?,?,?), ref: 737F4E68
              • VirtualFree.KERNEL32(?,?,00004000,?,?,00004000,737FD911,?,?,737FD911,?,?,?,?,?,?), ref: 737F4E78
              • LoadStringA.USER32 ref: 737F4EB7
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Memory$Move$LoadStringVirtual$FileMessageSend$AllocByteCharEnvironmentExpandFreeHandleMultiStringsWide$AddressAttributesCloseCreateDialogModuleParamProcTimeZerolstrlen
              • String ID: $ <>[]|$^!%&/\(){}=?`*+-'#.:;,@~"
              • API String ID: 1051299063-3390012715
              • Opcode ID: fe2b6c470be370a68122ee241c98e4a150d31bfce2bb2dec33c7dd050ea9cd66
              • Instruction ID: afc76b8fa6cb8130ac6a44dabebd487737fb2bcc2e914fa0364e9f9bbea24a80
              • Opcode Fuzzy Hash: fe2b6c470be370a68122ee241c98e4a150d31bfce2bb2dec33c7dd050ea9cd66
              • Instruction Fuzzy Hash: 2FE1667290022AEFEF129B90CE46FAEBBB6FF04304F204158F6157B2A0D7761952DB54
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F3690(struct HWND__* _a4, intOrPtr _a8, struct HDC__* _a12, struct HWND__* _a16) {
              				intOrPtr _t23;
              				void* _t28;
              
              				_t23 = _a8;
              				if(_t23 != 0x110) {
              					if(_t23 != 0x111) {
              						if(_t23 == 0x138 || _t23 == 0x133) {
              							if( *0x737fe537 != 1) {
              								return 0;
              							}
              							if(GetDlgCtrlID(_a16) != 0x65) {
              								SetTextColor(_a12,  *0x737fe940);
              								if( *0x737fe93c != 0xffffffff) {
              									SetBkColor(_a12,  *0x737fe938);
              									_t28 = CreateSolidBrush( *0x737fe938);
              								} else {
              									SetBkMode(_a12, 1);
              									_t28 = GetStockObject(5);
              								}
              								return _t28;
              							}
              							SetTextColor(_a12,  *0x737fe940);
              							if( *0x737fe93c != 0xffffffff) {
              								SetBkColor(_a12,  *0x737fe93c);
              								return CreateSolidBrush( *0x737fe93c);
              							}
              							SetBkMode(_a12, 1);
              							return GetStockObject(5);
              						}
              						if(_t23 == 0x136) {
              							if( *0x737fe537 != 1) {
              								return 0;
              							}
              							return CreateSolidBrush( *0x737fe938);
              						}
              						if(_t23 != 0x2b) {
              							if(_t23 != 0x200) {
              								if(_t23 != 0x10) {
              									return 0;
              								} else {
              									goto L37;
              								}
              							} else {
              								if(_a12 == 1) {
              									SendMessageA(_a4, 0x112, 0xf012, 0);
              								}
              								goto L39;
              							}
              						} else {
              							return E737F3C60(_a4, _a16);
              						}
              					} else {
              						if(_a12 == 0x66) {
              							L37:
              							EndDialog(_a4, 0);
              						}
              						goto L39;
              					}
              				} else {
              					if((GetWindowLongA( *0x737fd8a6, 0xffffffec) & 0x00000008) == 0) {
              						SetWindowPos(_a4, 0xfffffffe, 0, 0, 0, 0, 3);
              					}
              					SetDlgItemTextA(_a4, 0x65, E737F2A53( *0x737fd8aa, 8));
              					if( *0x737fe537 == 1 &&  *0x737fe954 != 0xffffffff &&  *0x737fe958 != 0xffffffff) {
              						E737F3C34(_a4, 0x66);
              					}
              					E737F16E0( *0x737fd8a2, _a4, "BTN_ABOUT_OK_UP", "BTN_ABOUT_OK_DOWN", "BTN_ABOUT_OK_OVER", 0x66);
              					_t48 = E737F1460( *0x737fd8a2, 0xb, 1);
              					if(E737F1460( *0x737fd8a2, 0xb, 1) != 0) {
              						E737F3AE0(_a4, _t48);
              					}
              					E737F7260(_a4,  *0x737fd8a6);
              					L39:
              					return 1;
              				}
              				goto L40;
              			}





              APIs
              • GetWindowLongA.USER32 ref: 737F36AC
              • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,000000EC), ref: 737F36C7
              • SetDlgItemTextA.USER32 ref: 737F36DF
              • EndDialog.USER32(?,00000000), ref: 737F38AD
              Strings
              Similarity
              • API ID: Window$DialogItemLongText
              • String ID: BTN_ABOUT_OK_DOWN$BTN_ABOUT_OK_OVER$BTN_ABOUT_OK_UP
              • API String ID: 917433306-3517212525
              • Opcode ID: ef4bbd009ab7174fb620d9854021a6bbc743cb48c8ca0a5e310ce171e3d383b8
              • Instruction ID: 1cb754dd23e589264dfb67ea20975562cba863ed8fb28acad4035b572dffa854
              • Opcode Fuzzy Hash: ef4bbd009ab7174fb620d9854021a6bbc743cb48c8ca0a5e310ce171e3d383b8
              • Instruction Fuzzy Hash: FC51A672604307BBFF226A15DD85F893B67FB00360F208526F556672E0C76B94A3FA61
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F16E0(struct HINSTANCE__* _a4, struct HWND__* _a8, CHAR* _a12, CHAR* _a16, CHAR* _a20, struct HMENU__* _a24) {
              				struct HWND__* _v8;
              				long _v12;
              				long _v16;
              				long _v20;
              				int _v24;
              				int _v28;
              				char _v44;
              				char _v60;
              				char _v108;
              				struct HWND__* _t50;
              				long _t52;
              				long _t54;
              				struct HWND__* _t71;
              				struct HINSTANCE__* _t79;
              				struct tagRECT* _t80;
              				struct HINSTANCE__* _t81;
              				struct HWND__* _t82;
              				struct tagRECT* _t85;
              				struct HWND__* _t86;
              				WNDCLASSEXA* _t87;
              
              				_t79 = _a4;
              				_t50 = LoadBitmapA(_t79, _a12);
              				if(_t50 != 0) {
              					_v12 = _t50;
              					_t52 = LoadBitmapA(_t79, _a16);
              					if(_t52 == 0) {
              						_t52 = _v12;
              					}
              					_v16 = _t52;
              					_t54 = LoadBitmapA(_t79, _a20);
              					if(_t54 == 0) {
              						_t54 = _v12;
              					}
              					_v20 = _t54;
              					_t50 = GetDlgItem(_a8, _a24);
              					if(_t50 != 0) {
              						_t86 = _t50;
              						_t80 =  &_v60;
              						GetWindowRect(_t86, _t80);
              						_t85 =  &_v44;
              						GetWindowRect(_a8, _t85);
              						_v24 = _t80->left - _t85->left;
              						_v28 = _t80->top - _t85->top;
              						E737F18B0(_a8,  &_v24,  &_v28);
              						_t81 = _t79;
              						ShowWindow(_t86, 0);
              						_t87 =  &_v108;
              						_t87->cbSize = 0x30;
              						_t87->style = 0x2000;
              						 *((intOrPtr*)(_t87 + 8)) =  &M737F1980;
              						_t87->cbClsExtra = 0;
              						_t87->cbWndExtra = 0x14;
              						_t87->hInstance = _t81;
              						_t87->hbrBackground = 0x10;
              						_t87->lpszMenuName = 0;
              						_t87->lpszClassName = "Bmp_Button_Class";
              						_t87->hIcon = 0;
              						_t87->hCursor = LoadCursorA(0, 0x7f00);
              						_t87->hIconSm = 0;
              						RegisterClassExA(_t87);
              						_t82 = CreateWindowExA(0x20, "Bmp_Button_Class", 0, 0x50000000, _v24, _v28, 0, 0, _a8, _a24, _t81, 0);
              						SetWindowLongA(_t82, 0, _v12);
              						SetWindowLongA(_t82, 4, _v16);
              						SetWindowLongA(_t82, 8, _v20);
              						_t71 = CreateWindowExA(0, "STATIC", 0, 0x5000000e, 0, 0, 0, 0, _t82, _a24, _a4, 0);
              						_v8 = _t71;
              						SendMessageA(_t71, 0x172, 0, _v12);
              						GetWindowRect(_v8, _t85);
              						SetWindowLongA(_t82, 0xc, _v8);
              						SetWindowPos(_t82, 0, 0, 0, _t85->right - _t85->left, _t85->bottom - _t85->top, 2);
              						return _t82;
              					}
              				}
              				return _t50;
              			}























              APIs
              Strings
              Similarity
              • API ID: Window$Load$BitmapLong$CreateRect$ClassCursorItemRegisterShow
              • String ID: Bmp_Button_Class$STATIC
              • API String ID: 3511724289-4004187156
              • Opcode ID: ccc479cde73bc79b4ae1a5499fab614d02edf6a612f61652061d808653be3bd7
              • Instruction ID: 9091e6eede70f6412b247050146b0824755723084ca53e60d9a21e5d4177be63
              • Opcode Fuzzy Hash: ccc479cde73bc79b4ae1a5499fab614d02edf6a612f61652061d808653be3bd7
              • Instruction Fuzzy Hash: A5513F7164030ABFFB119FA0CE85F9EBBB9FF04710F108618F6056B290D7B5A5129B94
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 97%
              			E737F197E(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
              				struct tagRECT _v20;
              				char _v28;
              				int _t38;
              				long _t40;
              				void* _t50;
              				struct HWND__* _t52;
              				void* _t62;
              				long _t64;
              				long _t67;
              				long _t71;
              				signed int _t76;
              				void* _t82;
              				void* _t84;
              				signed int _t85;
              				signed int* _t86;
              				intOrPtr* _t87;
              				struct tagRECT* _t88;
              
              				_t38 = _a8;
              				if(_t38 != 0x201) {
              					if(_t38 != 0x200) {
              						if(_t38 != 0x202) {
              							goto L22;
              						} else {
              							if( *0x737fd888 != 0) {
              								 *0x737fd888 = 0;
              								 *0x737fd889 = 0;
              								_t40 = GetWindowLongA(_a4, 0);
              								SendMessageA(GetWindowLongA(_a4, 0xc), 0x172, 0, _t40);
              								_t85 = _a16;
              								asm("rol eax, 0x10");
              								_t76 = _a16;
              								GetWindowRect(_a4,  &_v20);
              								_t87 =  &_v20;
              								_t50 =  *((intOrPtr*)(_t87 + 8)) -  *_t87;
              								_t82 =  *((intOrPtr*)(_t87 + 0xc)) -  *((intOrPtr*)(_t87 + 4));
              								if(_t85 > 0 && _t76 > 0 && _t85 < _t50 && _t76 < _t82) {
              									_t52 = GetParent(_a4);
              									SendMessageA(_t52, 0x111, GetDlgCtrlID(_a4), _a4);
              								}
              								ReleaseCapture();
              								goto L22;
              							} else {
              								return _t38;
              							}
              						}
              					} else {
              						_t88 =  &_v20;
              						_t86 =  &_v28;
              						GetWindowRect(_a4, _t88);
              						 *_t86 = _a16 & 0x0000ffff;
              						_t86[1] = (_a16 & 0xffff0000) >> 0x10;
              						_t62 = _t88->right - _t88->left;
              						_t84 = _t88->bottom - _t88->top;
              						if( *_t86 < 0 || _t86[1] < 0 ||  *_t86 > _t62 || _t86[1] > _t84) {
              							if( *0x737fd888 != 0) {
              								goto L9;
              							} else {
              								_t67 = GetWindowLongA(_a4, 0);
              								SendMessageA(GetWindowLongA(_a4, 0xc), 0x172, 0, _t67);
              								ReleaseCapture();
              								 *0x737fd889 = 0;
              								 *0x737fd888 = 0;
              								goto L22;
              							}
              						} else {
              							L9:
              							if( *0x737fd888 != 0 ||  *0x737fd889 != 0) {
              								return _t62;
              							} else {
              								SetCapture(_a4);
              								_t64 = GetWindowLongA(_a4, 8);
              								SendMessageA(GetWindowLongA(_a4, 0xc), 0x172, 0, _t64);
              								 *0x737fd889 = 1;
              								 *0x737fd888 = 0;
              								goto L22;
              							}
              						}
              					}
              				} else {
              					_t71 = GetWindowLongA(_a4, 4);
              					SendMessageA(GetWindowLongA(_a4, 0xc), 0x172, 0, _t71);
              					SetCapture(_a4);
              					 *0x737fd888 = 1;
              					 *0x737fd889 = 0;
              					L22:
              					return DefWindowProcA(_a4, _a8, _a12, _a16);
              				}
              			}




















              APIs
              • GetWindowLongA.USER32 ref: 737F1998
              • GetWindowLongA.USER32 ref: 737F19A4
              • SendMessageA.USER32(00000000,00000172,00000000,00000000), ref: 737F19B2
              • SetCapture.USER32(?,00000000,00000172,00000000,00000000,?,0000000C,?,00000004), ref: 737F19BA
              • GetWindowRect.USER32 ref: 737F19E7
              • GetWindowLongA.USER32 ref: 737F1A31
              • GetWindowLongA.USER32 ref: 737F1A3D
              • SendMessageA.USER32(00000000,00000172,00000000,00000000), ref: 737F1A4B
              • ReleaseCapture.USER32(00000000,00000172,00000000,00000000,?,0000000C,?,00000000,?,?), ref: 737F1A50
              • DefWindowProcA.USER32(?,?,?,?), ref: 737F1B7F
              Similarity
              • API ID: Window$Long$CaptureMessageSend$ProcRectRelease
              • String ID:
              • API String ID: 2818777917-0
              • Opcode ID: 5f40578f8e02049871235652b101bb15acc29089049a5bb8775908e680e151b2
              • Instruction ID: 60f889822fbd7f51e856c991c44f225db6db17988af470ae09ae95162d21bbf6
              • Opcode Fuzzy Hash: 5f40578f8e02049871235652b101bb15acc29089049a5bb8775908e680e151b2
              • Instruction Fuzzy Hash: 7C517E32700347AFFB129B64CEC9B8A3FA6FB00340F14C211E5096B2E5D7B59893A794
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 95%
              			E737F58B0(struct HWND__* _a4, intOrPtr _a8, struct HDC__* _a12, intOrPtr _a16) {
              				char _v1028;
              				intOrPtr _t28;
              				CHAR* _t45;
              				int _t57;
              				void* _t58;
              				CHAR* _t59;
              				void* _t60;
              
              				_t28 = _a8;
              				if(_t28 != 0x110) {
              					if(_t28 != 0x111) {
              						if(_t28 == 0x138) {
              							if( *0x737fe537 != 1) {
              								return 0;
              							}
              							SetTextColor(_a12,  *0x737fe940);
              							if( *0x737fe93c != 0xffffffff) {
              								SetBkColor(_a12,  *0x737fe93c);
              								return CreateSolidBrush( *0x737fe93c);
              							}
              							SetBkMode(_a12, 1);
              							return GetStockObject(5);
              						}
              						if(_t28 == 0x136) {
              							if( *0x737fe537 != 1) {
              								return 0;
              							}
              							return CreateSolidBrush( *0x737fe938);
              						}
              						if(_t28 != 0x2b) {
              							if(_t28 != 0x200) {
              								if(_t28 != 0x10) {
              									return 0;
              								} else {
              									goto L41;
              								}
              							} else {
              								if(_a12 == 1) {
              									SendMessageA(_a4, 0x112, 0xf012, 0);
              								}
              								goto L43;
              							}
              						} else {
              							return E737F3C60(_a4, _a16);
              						}
              					} else {
              						if(_a12 != 0x66) {
              							if((GetKeyState(0xd) & 0x00008000) != 0) {
              								SendMessageA(_a4, 0x111, 0x66, 0);
              							}
              						} else {
              							_t45 =  *0x7380e641;
              							 *_t45 = 0;
              							if(GetDlgItemTextA(_a4, 0x65, _t45, 0x400) != 0) {
              								L41:
              								EndDialog(_a4,  *0x7380e641);
              							}
              						}
              						goto L43;
              					}
              				} else {
              					_push(_a16);
              					_pop( *0x7380e641);
              					if((GetWindowLongA( *0x737fd8a6, 0xffffffec) & 0x00000008) == 0) {
              						SetWindowPos(_a4, 0xfffffffe, 0, 0, 0, 0, 3);
              					}
              					if( *0x737fe537 == 1 &&  *0x737fe954 != 0xffffffff &&  *0x737fe958 != 0xffffffff) {
              						E737F3C34(_a4, 0x66);
              					}
              					E737F16E0( *0x737fd8a2, _a4, "BTN_REGP_OK_UP", "BTN_REGP_OK_DOWN", "BTN_REGP_OK_OVER", 0x66);
              					_t51 = E737F1460( *0x737fd8a2, 0xb, 1);
              					if(E737F1460( *0x737fd8a2, 0xb, 1) != 0) {
              						E737F3AE0(_a4, _t51);
              					}
              					E737F7260(_a4,  *0x737fd8a6);
              					_t60 =  *0x7380e63d;
              					_t59 =  &_v1028;
              					if( *_t60 == 0x24) {
              						_t60 = _t60 + 1;
              					}
              					_t57 = 0;
              					while( *((char*)(_t60 + _t57)) != 0x24 &&  *((char*)(_t60 + _t57)) != 0) {
              						_t57 = _t57 + 1;
              					}
              					RtlMoveMemory(_t59, _t60, _t57);
              					_t58 = _t57;
              					 *((char*)(_t58 + _t59)) = 0;
              					SetWindowTextA(_a4, _t59);
              					L43:
              					return 1;
              				}
              				goto L44;
              			}










              APIs
              • GetWindowLongA.USER32 ref: 737F58DB
              • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,000000EC,?), ref: 737F58F6
              • RtlMoveMemory.KERNEL32(?,?,00000000,00000000,?), ref: 737F5990
              • SetWindowTextA.USER32(?,?), ref: 737F599E
              • GetDlgItemTextA.USER32 ref: 737F59CA
              • EndDialog.USER32(?), ref: 737F5ADF
              Strings
              Similarity
              • API ID: Window$Text$DialogItemLongMemoryMove
              • String ID: BTN_REGP_OK_DOWN$BTN_REGP_OK_OVER$BTN_REGP_OK_UP
              • API String ID: 1467606235-2190942234
              • Opcode ID: bdcb371ebb97c54c51a4c45785ad8049df29d6e3cf9472ea6f5c0e6d88541ebf
              • Instruction ID: f65929f3be8777cd8693104e84004994f5b34dd3374ee5b53d93e6e13cdd7e4e
              • Opcode Fuzzy Hash: bdcb371ebb97c54c51a4c45785ad8049df29d6e3cf9472ea6f5c0e6d88541ebf
              • Instruction Fuzzy Hash: 2351F972604207BBFB229A15DDC5F493F66FB00374F648222F1566B2E0C7A685A3E751
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 94%
              			E737F5516(intOrPtr _a4) {
              				signed char _v5;
              				char _v1029;
              				void* _v1036;
              				void* _v1040;
              				long _v1044;
              				long _v1048;
              				struct _SHELLEXECUTEINFOA _v1108;
              				long _t55;
              				void* _t58;
              				long _t76;
              				void* _t79;
              				intOrPtr _t81;
              
              				_v5 = 0;
              				LoadStringA( *0x737fd8a2, 4, 0x7380e23d, 0x400);
              				E737F22C0(0x7380e23d);
              				GetTempPathA(0x400,  &_v1029);
              				lstrcatA( &_v1029, "\\regpatch.reg");
              				_t81 = _a4;
              				if(( *(_t81 + 5) & 0x00000008) != 0) {
              					E737F40CF();
              				}
              				_t55 =  *((intOrPtr*)(_t81 + 1)) + 0x100000;
              				_v1044 = _t55;
              				_v1036 = VirtualAlloc(0, _t55, 0x1000, 4);
              				_t58 = E737F57A2(_t81 + 9, _v1036);
              				_t79 = _v1036;
              				if(( *(_t81 + 5) & 0x00000001) != 0) {
              					_t76 =  *((intOrPtr*)(_t81 + 1)) + 0x100000;
              					_v1048 = _t76;
              					_v1040 = VirtualAlloc(0, _t76, 0x1000, 4);
              					_t58 = E737F56F6(_v1036, _v1040, _v1048);
              					_t79 = _v1040;
              				}
              				if(E737F6D4C( &_v1029, _t79, _t58) != 0) {
              					lstrcpyA(0x737fd911, "/s \"");
              					lstrcatA(0x737fd911,  &_v1029);
              					lstrcatA(0x737fd911, 0x737fd701);
              					_push(0x3c);
              					_push( &_v1108);
              					L737F6B70();
              					_v1108.cbSize = 0x3c;
              					_v1108.fMask = 0x40;
              					_v1108.lpVerb = "open";
              					_v1108.lpFile = "regedit.exe";
              					_v1108.lpParameters = 0x737fd911;
              					_v1108.nShow = 0;
              					ShellExecuteExA( &_v1108);
              					WaitForSingleObject(_v1108.hProcess, 0xffffffff);
              					_v5 = 1;
              				}
              				VirtualFree(_v1036, _v1044, 0x4000);
              				if(( *(_t81 + 5) & 0x00000001) != 0) {
              					VirtualFree(_v1040, _v1048, 0x4000);
              				}
              				DeleteFileA( &_v1029);
              				if(( *(_t81 + 5) & 0x00000008) != 0) {
              					E737F40FA();
              				}
              				return _v5 & 0x000000ff;
              			}
















              APIs
              • LoadStringA.USER32 ref: 737F5538
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • GetTempPathA.KERNEL32(00000400,?,00000004,7380E23D,00000400,00000001,?,00000000,?,737F637F,00000000,00000001,00000000,73810A45,00000400,00000184), ref: 737F5553
              • lstrcatA.KERNEL32(?,\regpatch.reg,00000400,?,00000004,7380E23D,00000400,00000001,?,00000000,?,737F637F,00000000,00000001,00000000,73810A45), ref: 737F5564
              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,\regpatch.reg,00000400,?,00000004,7380E23D,00000400,00000001,?,00000000,?,737F637F), ref: 737F5592
              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,?,00000000,?,00001000,00000004,?,\regpatch.reg,00000400,?,00000004,7380E23D), ref: 737F55D3
              • lstrcpyA.KERNEL32(737FD911,/s ",?,?,00000000,?,?,00000000,?,00001000,00000004,?,\regpatch.reg,00000400,?,00000004), ref: 737F561C
              • lstrcatA.KERNEL32(737FD911,?,737FD911,/s ",?,?,00000000,?,?,00000000,?,00001000,00000004,?,\regpatch.reg,00000400), ref: 737F5629
              • lstrcatA.KERNEL32(737FD911,737FD701,737FD911,?,737FD911,/s ",?,?,00000000,?,?,00000000,?,00001000,00000004,?), ref: 737F5634
              • RtlZeroMemory.KERNEL32(?,0000003C,737FD911,737FD701,737FD911,?,737FD911,/s ",?,?,00000000,?,?,00000000,?,00001000), ref: 737F5642
              • ShellExecuteExA.SHELL32(0000003C,?,0000003C,737FD911,737FD701,737FD911,?,737FD911,/s ",?,?,00000000,?,?,00000000,?), ref: 737F5686
              • WaitForSingleObject.KERNEL32(?,000000FF,0000003C,?,0000003C,737FD911,737FD701,737FD911,?,737FD911,/s ",?,?,00000000,?,?), ref: 737F5693
              • VirtualFree.KERNEL32(?,?,00004000,?,?,00000000,?,?,00000000,?,00001000,00000004,?,\regpatch.reg,00000400,?), ref: 737F56AD
              • VirtualFree.KERNEL32(?,?,00004000,?,?,00004000,?,?,00000000,?,?,00000000,?,00001000,00000004,?), ref: 737F56CC
              • DeleteFileA.KERNEL32(?,?,?,00004000,?,?,00000000,?,?,00000000,?,00001000,00000004,?,\regpatch.reg,00000400), ref: 737F56D8
                • Part of subcall function 737F40CF: GetModuleHandleA.KERNEL32(kernel32.dll,737F4F4B), ref: 737F40D4
                • Part of subcall function 737F40CF: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 737F40DF
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Virtual$MessageSendlstrcat$AllocFree$AddressDeleteExecuteFileHandleLoadMemoryModuleObjectPathProcShellSingleStringTempWaitZerolstrcpy
              • String ID: /s "$<$@$\regpatch.reg
              • API String ID: 2640690069-2261817607
              • Opcode ID: fbbfa692d8b1d0417038340689e0412f5f90c6954a07db92663eee044e3f5edc
              • Instruction ID: 915f15cf3999d44846c5b1c3e3bbc27a1877a7433cc4258af30a18728df38489
              • Opcode Fuzzy Hash: fbbfa692d8b1d0417038340689e0412f5f90c6954a07db92663eee044e3f5edc
              • Instruction Fuzzy Hash: 304193F190031AABEB219B50CE84FDA77B9BF44304F1081D8A75977291C7B15B879F29
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 86%
              			E737F28D8(intOrPtr _a4, signed int _a8) {
              				void* _t7;
              				void* _t21;
              
              				asm("pushad");
              				_t21 =  *0x737fe515;
              				if(_t21 != 0) {
              					UnmapViewOfFile( *0x737fe521);
              					CloseHandle( *0x737fe525);
              					SetFilePointer(_t21,  *0x737fe529, 0x737fe51d, 0);
              					SetEndOfFile(_t21);
              					CloseHandle(_t21);
              					E737F2368(_a4);
              					_t7 = SetFileAttributesA(0x737fd911,  *0x737fe511);
              					if((_a8 & 0x00000010) != 0) {
              						_t7 = CreateFileA(0x737fd911, 0xc0000000, 0, 0, 3, 0x82, 0);
              						 *0x737fe515 = _t7;
              						if(_t7 != 0xffffffff) {
              							SetFileTime( *0x737fe515, 0x737ff181, 0x737ff189, 0x737ff191);
              							CloseHandle( *0x737fe515);
              							_t7 = E737F22C0("Restore original file time : OK");
              						}
              					}
              				}
              				asm("popad");
              				return _t7;
              			}






              APIs
              • UnmapViewOfFile.KERNEL32 ref: 737F2918
              • CloseHandle.KERNEL32 ref: 737F2923
              • SetFilePointer.KERNEL32(?,737FE51D,00000000), ref: 737F2936
              • SetEndOfFile.KERNEL32(?,?,737FE51D,00000000), ref: 737F293C
              • CloseHandle.KERNEL32(?,?,?,737FE51D,00000000), ref: 737F2942
              • SetFileAttributesA.KERNEL32(737FD911,?,?,?,737FE51D,00000000), ref: 737F295A
              • CreateFileA.KERNEL32(737FD911,C0000000,00000000,00000000,00000003,00000082,00000000,737FD911,?,?,?,737FE51D,00000000), ref: 737F297F
              • SetFileTime.KERNEL32(737FF181,737FF189,737FF191,737FD911,C0000000,00000000,00000000,00000003,00000082,00000000,737FD911,?,?,?,737FE51D,00000000), ref: 737F29A3
              • CloseHandle.KERNEL32(737FF181,737FF189,737FF191,737FD911,C0000000,00000000,00000000,00000003,00000082,00000000,737FD911,?,?,?,737FE51D,00000000), ref: 737F29AE
                • Part of subcall function 737F29EF: LoadLibraryA.KERNEL32(Imagehlp.dll), ref: 737F2A02
                • Part of subcall function 737F29EF: GetProcAddress.KERNEL32(00000000,CheckSumMappedFile), ref: 737F2A13
                • Part of subcall function 737F29EF: CloseHandle.KERNEL32(00000000,00000000,CheckSumMappedFile,Imagehlp.dll), ref: 737F2A48
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: File$CloseHandle$MessageSend$AddressAttributesCreateLibraryLoadPointerProcTimeUnmapView
              • String ID: $PE CheckSum Fix : Failed$PE CheckSum Fix : OK$Restore original file time : OK
              • API String ID: 2362126809-2918191134
              • Opcode ID: 67da23450b73431c61161c345fa648ce9c1be3cc350172f0673b8241250821ea
              • Instruction ID: 4d7d32de1d6e22cf1b8a58481ad74ffb261498a1880e545ca1d825006b587eff
              • Opcode Fuzzy Hash: 67da23450b73431c61161c345fa648ce9c1be3cc350172f0673b8241250821ea
              • Instruction Fuzzy Hash: 53110C3624031F7FEA11BBA1CF49F1D3625BB04720F258210F9557B3E2DB689613AE65
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 93%
              			E737F4EE6(void* __ecx, intOrPtr _a4) {
              				struct _SECURITY_ATTRIBUTES* _v8;
              				struct _SECURITY_ATTRIBUTES* _v12;
              				void* _t57;
              				void* _t69;
              				intOrPtr* _t77;
              				intOrPtr _t78;
              				intOrPtr _t93;
              				intOrPtr _t96;
              				intOrPtr _t99;
              
              				LoadStringA( *0x737fd8a2, 0x1b, 0x7380ae3d, 0x400);
              				E737F22C0(0x7380ae3d);
              				_v12 = 1;
              				if( *0x737fe95c == 0) {
              					_v8 = 0;
              					 *0x737fe95c = 1;
              				} else {
              					_v8 = 1;
              				}
              				_t99 = _a4;
              				if(( *(_t99 + 0x401) & 0x00000040) != 0) {
              					E737F40CF();
              				}
              				_t57 = E737F2463(_t99 + 1, 0, 0x80000000);
              				_t58 = _t57;
              				if(_t57 != 0) {
              					if(( *(_t99 + 0x401) & 0x00000001) != 0) {
              						LoadStringA( *0x737fd8a2, 0x15, 0x7380b23d, 0x400);
              						_t58 = E737F22C0(0x7380b23d);
              					}
              					if(( *(_t99 + 0x401) & 0x00000002) != 0) {
              						if( *0x737fe519 !=  *((intOrPtr*)(_t99 + 0x405))) {
              							LoadStringA( *0x737fd8a2, 0x21, 0x7380ba3d, 0x400);
              							_t58 = E737F22C0(0x7380ba3d);
              							_v12 = 0;
              						} else {
              							LoadStringA( *0x737fd8a2, 0x21, 0x7380b63d, 0x400);
              							_t58 = E737F22C0(0x7380b63d);
              						}
              					}
              					if(( *(_t99 + 0x401) & 0x00000004) != 0) {
              						if( *((intOrPtr*)(_t99 + 0x409)) != E737F1020(_t58,  *0x737fe519,  *0x737fe521)) {
              							LoadStringA( *0x737fd8a2, 0x23, 0x7380c23d, 0x400);
              							E737F22C0(0x7380c23d);
              							_v12 = 0;
              						} else {
              							LoadStringA( *0x737fd8a2, 0x1e, 0x7380be3d, 0x400);
              							E737F22C0(0x7380be3d);
              						}
              					}
              					if(( *(_t99 + 0x401) & 0x00000008) != 0) {
              						E737FA5B8(E737FA578(),  *0x737fe521,  *0x737fe519);
              						_t77 = E737FA618();
              						asm("bswap ecx");
              						_t96 =  *((intOrPtr*)(_t77 + 4));
              						asm("bswap edx");
              						_t93 =  *((intOrPtr*)(_t77 + 8));
              						asm("bswap ebx");
              						_t78 =  *((intOrPtr*)(_t77 + 0xc));
              						asm("bswap eax");
              						if( *((intOrPtr*)(_t99 + 0x40d)) !=  *_t77 ||  *((intOrPtr*)(_t99 + 0x411)) != _t96 ||  *((intOrPtr*)(_t99 + 0x415)) != _t93 ||  *((intOrPtr*)(_t99 + 0x419)) != _t78) {
              							LoadStringA( *0x737fd8a2, 0x1a, 0x7380ca3d, 0x400);
              							E737F22C0(0x7380ca3d);
              							_v12 = 0;
              						} else {
              							LoadStringA( *0x737fd8a2, 0x19, 0x7380c63d, 0x400);
              							E737F22C0(0x7380c63d);
              						}
              					}
              					if(( *(_t99 + 0x401) & 0x00000010) != 0) {
              						if(( *(_t99 + 0x401) & 0x00000020) == 0) {
              							_t69 = E737F548F( *0x737fe521,  *0x737fe519, _t99 + 0x41d);
              						} else {
              							_t69 = E737F548F( *0x737fe521 +  *((intOrPtr*)(_t99 + 0x1425)),  *((intOrPtr*)(_t99 + 0x41d)), _t99 + 0x41d);
              						}
              						if(_t69 != 0xffffffff) {
              							LoadStringA( *0x737fd8a2, 0x30, 0x7380d23d, 0x400);
              							E737F22C0(0x7380d23d);
              						} else {
              							LoadStringA( *0x737fd8a2, 0x31, 0x7380ce3d, 0x400);
              							E737F22C0(0x7380ce3d);
              							_v12 = 0;
              						}
              					}
              					goto L31;
              				} else {
              					_v12 = 0;
              					L31:
              					E737F29C2();
              					if(( *(_t99 + 0x401) & 0x00000080) != 0) {
              						if(CreateFileA(0x737fd911, 0xc0000000, 2, 0, 3, 0x82, 0) != 0xffffffff) {
              							LoadStringA( *0x737fd8a2, 0x32, 0x7380da3d, 0x400);
              							CloseHandle(E737F22C0(0x7380da3d));
              						} else {
              							LoadStringA( *0x737fd8a2, 0x33, 0x7380d63d, 0x400);
              							E737F22C0(0x7380d63d);
              							_v12 = 0;
              						}
              					}
              					if(( *(_t99 + 0x401) & 0x00000040) != 0) {
              						E737F40FA();
              					}
              					if(_v8 == 0) {
              						 *0x737fe95c = 0;
              					}
              					return _v12;
              				}
              			}













              APIs
              • LoadStringA.USER32 ref: 737F4F01
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • LoadStringA.USER32 ref: 737F4F89
              • LoadStringA.USER32 ref: 737F4FC4
              • LoadStringA.USER32 ref: 737F4FE7
              • LoadStringA.USER32 ref: 737F5034
              • LoadStringA.USER32 ref: 737F5057
              • LoadStringA.USER32 ref: 737F50DD
              • LoadStringA.USER32 ref: 737F5100
              • LoadStringA.USER32 ref: 737F5182
              • LoadStringA.USER32 ref: 737F51AC
              • CreateFileA.KERNEL32(737FD911,C0000000,00000002,00000000,00000003,00000082,00000000), ref: 737F51E3
              • LoadStringA.USER32 ref: 737F51FF
              • LoadStringA.USER32 ref: 737F5229
              • CloseHandle.KERNEL32(00000000,00000032,7380DA3D,00000400,737FD911,C0000000,00000002,00000000,00000003,00000082,00000000), ref: 737F5239
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: LoadString$MessageSend$CloseCreateFileHandle
              • String ID:
              • API String ID: 3199326509-0
              • Opcode ID: 62b69b3fd06c42d6fda623e7d9252969d8ba35176990826e7d12a2cd07cfc086
              • Instruction ID: adb3b398396ba93c71e841fbbb2de6c77c2b26c1697636fdea7cb0888bd17c17
              • Opcode Fuzzy Hash: 62b69b3fd06c42d6fda623e7d9252969d8ba35176990826e7d12a2cd07cfc086
              • Instruction Fuzzy Hash: 6771D9B164030BBFE731ABA1CD4AF9937A2BB00324F109514B7A57B3F1C7B45643AA59
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F62CD(long __ecx, void* __edx) {
              				RECT* _v8;
              				RECT* _t33;
              				void* _t51;
              				long _t54;
              				void* _t55;
              				RECT* _t56;
              				RECT* _t57;
              
              				_t55 = __edx;
              				_t54 = __ecx;
              				if( *0x737fd902 == 1) {
              					ShowWindow( *0x737fd8be, 5);
              					ShowWindow( *0x737fd8c2, 0);
              				}
              				SendMessageA( *0x737fd8be, 0x184, 0, 0);
              				LoadStringA( *0x737fd8a2, 0, 0x73810a45, 0x400);
              				E737F22C0(0x73810a45);
              				E737F22C0(" ");
              				_t51 = 0;
              				while(1) {
              					_t51 = _t51 + 1;
              					_t33 = E737F149B( *0x737fd8a2, _t51);
              					_t56 = _t33;
              					_t57 = _t56;
              					if(_t57 == 0) {
              						break;
              					}
              					if(_t57->left != 3) {
              						if(_t57->left != 4) {
              							if(_t57->left != 0x11) {
              								if(_t57->left != 5) {
              									if(_t57->left != 0x14) {
              										if(_t57->left != 0x16) {
              											if(_t57->left != 0x17) {
              												if(_t57->left != 0x10) {
              													if(_t57->left != 0x15) {
              														if(_t57->left == 0x18) {
              															_t33 = E737F625C(_t57);
              														}
              														goto L39;
              													}
              													if(_v8 == 1 || _v8 == 0) {
              														if((_t57->left & 0x00000004) == 0) {
              															if((_t57->left & 0x00000008) == 0) {
              																if((_t57->left & 0x00000040) != 0) {
              																	_t33 = _v8;
              																}
              															} else {
              																_t33 = 1;
              															}
              														} else {
              															_t33 = 0;
              														}
              													} else {
              														_t33 = _v8;
              													}
              													if(_v8 != _t33) {
              														goto L39;
              													} else {
              														if((_t57->left & 0x00000001) == 0) {
              															if((_t57->left & 0x00000010) == 0) {
              																if((_t57->left & 0x00000020) != 0) {
              																	_t51 = _t51 - _t57->top - 1;
              																}
              															} else {
              																_t51 = _t51 + _t57->top - 1;
              															}
              															goto L39;
              														}
              														E737F22C0("EXIT PATCHING");
              														break;
              													}
              												}
              												LoadStringA( *0x737fd8a2, 7, 0x73810e45, 0x400);
              												E737F22C0(0x73810e45);
              												_t33 = E737F14E6(_t57);
              												goto L39;
              											}
              											_t33 = E737F5266(_t57);
              											goto L39;
              										}
              										_t33 = E737F4EE6(_t54, _t57);
              									} else {
              										_t33 = E737F498E(_t57);
              									}
              								} else {
              									_t33 = E737F5516(_t57);
              								}
              							} else {
              								_t33 = E737F5B9C(_t57);
              							}
              						} else {
              							_t33 = E737F4791(_t55, _t57);
              						}
              						goto L39;
              					} else {
              						_t33 = E737F4338(_t54, _t57);
              						L39:
              						_v8 = _t33;
              						_t54 = _t57->left;
              						if(_t54 == 3 || _t54 == 4 || _t54 == 0x11 || _t54 == 5 || _t54 == 0x14 || _t54 == 0x16 || _t54 == 0x17 || _t54 == 0x10 || _t54 == 0x18) {
              							if(_v8 != 1) {
              								if(_v8 == 0) {
              									LoadStringA( *0x737fd8a2, 0x1c, 0x73811645, 0x400);
              									E737F22C0(0x73811645);
              									E737F22C0(" ");
              								}
              							} else {
              								LoadStringA( *0x737fd8a2, 0x1d, 0x73811245, 0x400);
              								E737F22C0(0x73811245);
              								E737F22C0(" ");
              							}
              						}
              						continue;
              					}
              				}
              				LoadStringA( *0x737fd8a2, 1, 0x73811a45, 0x400);
              				E737F22C0(0x73811a45);
              				E737F6577( *0x737fd907);
              				EnableWindow(GetDlgItem( *0x737fd8a6, 0x6c), 0);
              				return RedrawWindow( *0x737fd8a6, 0, 0, 1);
              			}











              APIs
              • ShowWindow.USER32(00000005), ref: 737F62E7
              • ShowWindow.USER32(00000000,00000005), ref: 737F62F4
              • SendMessageA.USER32(00000184,00000000,00000000), ref: 737F6308
              • LoadStringA.USER32 ref: 737F631F
              • LoadStringA.USER32 ref: 737F6532
              • GetDlgItem.USER32 ref: 737F6554
              • EnableWindow.USER32(00000000,00000000), ref: 737F655C
              • RedrawWindow.USER32(00000000,00000000,00000001,0000006C,00000001,73811A45,00000400,00000002,0000001C,73811645,00000400,00000001,00000000,73810A45,00000400,00000184), ref: 737F656D
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Window$LoadShowString$EnableItemMessageRedrawSend
              • String ID: EXIT PATCHING
              • API String ID: 3447863954-2450873957
              • Opcode ID: e6b98c06fdad9587be54fedb0dceb46ddb150ec339b8472762d179a607b5f058
              • Instruction ID: 0c46019072676af4da75c1f4e54384b3a9c113c5131fa9839f0af992d7fe9f5d
              • Opcode Fuzzy Hash: e6b98c06fdad9587be54fedb0dceb46ddb150ec339b8472762d179a607b5f058
              • Instruction Fuzzy Hash: 1B51E871644B0BBFF723BB608E45FA927B6BF01310F24C109E292273E993654653F61A
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 95%
              			E737F38CC() {
              				char _v1028;
              				struct HWND__* _v1032;
              				char _v1048;
              				char _v1064;
              				char _v1124;
              				intOrPtr* __ebx;
              				intOrPtr* __esi;
              				struct HWND__* _t43;
              				intOrPtr _t58;
              				void* _t60;
              				char _t61;
              				void* _t65;
              				struct tagRECT* _t78;
              				LOGFONTA* _t79;
              				CHAR* _t85;
              				struct tagRECT* _t86;
              				void* _t87;
              
              				_t43 = GetDlgItem( *0x737fd8a6, 0x70);
              				if(_t43 == 0) {
              					L16:
              					return _t43;
              				}
              				_v1032 = _t43;
              				ShowWindow(_v1032, 0);
              				 *0x737FF163 = E737F2A53( *0x737fd8aa, 9);
              				_t43 = E737F6C90(_t45);
              				if(_t43 == 0) {
              					goto L16;
              				}
              				 *__esi =  *0x737fd8a6;
              				_t78 =  &_v1048;
              				GetWindowRect(_v1032, _t78);
              				_t86 =  &_v1064;
              				GetWindowRect( *0x737fd8a6, _t86);
              				 *0x737FF167 = _t78->left - _t86->left;
              				 *0x737FF16F = _t78->right - _t78->left;
              				 *0x737FF16B = _t78->top - _t86->top;
              				E737F18B0( *0x737fd8a6, 0x737ff167, 0x737ff16b);
              				_t58 = E737F1460( *0x737fd8a2, 0x12, 1);
              				if(_t58 != 0) {
              					_t58 =  *((intOrPtr*)(_t58 + 1));
              				}
              				 *0x737FF17C = _t58;
              				_t60 = E737F1460( *0x737fd8a2, 0xb, 1);
              				if(_t60 == 0) {
              					if( *((intOrPtr*)(0x737ff17c)) == 0) {
              						_t61 = 0xff;
              					} else {
              						_t61 = 0xfe;
              					}
              				} else {
              					_t61 =  *((intOrPtr*)(_t60 + 1));
              				}
              				 *0x737FF17B = _t61;
              				_t79 =  &_v1124;
              				_push(0x3c);
              				_push(_t79);
              				L737F6B70();
              				_t79->lfHeight = 7;
              				_t79->lfCharSet = 1;
              				_t79->lfQuality = 4;
              				lstrcpyA( &(_t79->lfFaceName), "MS SANS SERIF");
              				_t65 = E737F1460( *0x737fd8a2, 0x13, 1);
              				if(_t65 != 0) {
              					_t87 = _t65;
              					 *_t25 =  *((intOrPtr*)(_t87 + 0x11));
              					 *__ebx =  *((intOrPtr*)(_t87 + 5));
              					if(( *(_t87 + 9) & 0x00000001) != 0) {
              						_t79->lfWeight = 0x2bc;
              					}
              					GetTempPathA(0x400,  &_v1028);
              					_t32 = _t87 + 0x15; // 0x15
              					lstrcatA( &_v1028, _t32);
              					_t34 = _t87 + 0x95; // 0x95
              					lstrcatA( &_v1028, _t34);
              					_t36 = _t87 + 0x9b; // 0x9b
              					E737F3A8F(_t36,  *((intOrPtr*)(_t87 + 0xd)),  &_v1028);
              					_t39 = _t87 + 0x15; // 0x15
              					_t85 = _t39;
              					if( *_t85 != 0) {
              						lstrcpyA( &(_t79->lfFaceName), _t85);
              					} else {
              						_t79 = 0;
              					}
              				}
              				 *((intOrPtr*)(0x737ff173)) = CreateFontIndirectA(_t79);
              				return E737F1B8B(0x737ff15f);
              			}

              APIs
              • GetDlgItem.USER32 ref: 737F38E0
              • ShowWindow.USER32(?,00000000,00000070,00000000,?,00000000,?,737F327C,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000,00000000), ref: 737F38FB
              • GetWindowRect.USER32 ref: 737F3938
              • GetWindowRect.USER32 ref: 737F394A
                • Part of subcall function 737F18B0: GetWindowLongA.USER32 ref: 737F18BE
                • Part of subcall function 737F18B0: GetWindowLongA.USER32 ref: 737F18CA
                • Part of subcall function 737F18B0: GetSystemMetrics.USER32 ref: 737F18EF
                • Part of subcall function 737F18B0: GetSystemMetrics.USER32 ref: 737F190B
                • Part of subcall function 737F18B0: GetSystemMetrics.USER32 ref: 737F1914
                • Part of subcall function 737F18B0: GetSystemMetrics.USER32 ref: 737F1947
                • Part of subcall function 737F18B0: GetSystemMetrics.USER32 ref: 737F1950
                • Part of subcall function 737F18B0: GetSystemMetrics.USER32 ref: 737F1964
                • Part of subcall function 737F18B0: GetSystemMetrics.USER32 ref: 737F196D
              • RtlZeroMemory.KERNEL32(?,0000003C,?,?,?,00000000,00000070,00000000,?,00000000,?,737F327C,00000000,000000CA,73804E3D,0000000F), ref: 737F39C9
              • lstrcpyA.KERNEL32(?,MS SANS SERIF,?,0000003C,?,?,?,00000000,00000070,00000000,?,00000000,?,737F327C,00000000,000000CA), ref: 737F39E5
              • GetTempPathA.KERNEL32(00000400,?,?,MS SANS SERIF,?,0000003C,?,?,?,00000000,00000070,00000000,?,00000000,?,737F327C), ref: 737F3A26
              • lstrcatA.KERNEL32(?,00000015,00000400,?,?,MS SANS SERIF,?,0000003C,?,?,?,00000000,00000070,00000000,?,00000000), ref: 737F3A36
              • lstrcatA.KERNEL32(?,00000095,?,00000015,00000400,?,?,MS SANS SERIF,?,0000003C,?,?,?,00000000,00000070,00000000), ref: 737F3A49
              • lstrcpyA.KERNEL32(?,00000015,0000009B,?,?,?,00000095,?,00000015,00000400,?,?,MS SANS SERIF,?,0000003C,?), ref: 737F3A76
              • CreateFontIndirectA.GDI32(?), ref: 737F3A7C
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: MetricsSystem$Window$LongRectlstrcatlstrcpy$CreateFontIndirectItemMemoryPathShowTempZero
              • String ID: MS SANS SERIF
              • API String ID: 1718168783-2292534163
              • Opcode ID: 6c179e2467adea97d6f10af7990385366add4ae00d95fc3183097e4871e2cb39
              • Instruction ID: a6fdb6d6ec70af6e2685b966849e3bfac1e7ed3a37e4fcfad511b3ed4a0af92a
              • Opcode Fuzzy Hash: 6c179e2467adea97d6f10af7990385366add4ae00d95fc3183097e4871e2cb39
              • Instruction Fuzzy Hash: 9151ADB2500707AFEB21DF24CDC4F96BBB9FB00304F008658A605AB295E775EA46DF50
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 83%
              			E737F5AFE() {
              				_Unknown_base(*)()* _t2;
              
              				asm("pushad");
              				_t2 = E737F149B( *0x737fd8a2, "PCRE_DLL");
              				if(_t2 != 0) {
              					GetTempPathA(0x400, 0x7380223d);
              					lstrcatA(0x7380223d, "\\pcre.dll");
              					E737F6D4C(0x7380223d, _t2,  *0x737fd880);
              					_t2 = LoadLibraryA(0x7380223d);
              					if(_t2 != 0) {
              						 *0x73802239 = _t2;
              						 *0x7380222d = GetProcAddress( *0x73802239, "pcre_compile");
              						 *0x73802231 = GetProcAddress( *0x73802239, "pcre_exec");
              						_t2 = GetProcAddress( *0x73802239, "pcre_copy_substring");
              						 *0x73802235 = _t2;
              					}
              				}
              				asm("popad");
              				return _t2;
              			}

              APIs
                • Part of subcall function 737F149B: FindResourceA.KERNEL32(?,737F1479,0000000A), ref: 737F14B1
              • GetTempPathA.KERNEL32(00000400,7380223D,PCRE_DLL,737F2FD7,00000000,000001F4,0000000B,7380463D,00000400,0000006F,?), ref: 737F5B23
              • lstrcatA.KERNEL32(7380223D,\pcre.dll,00000400,7380223D,PCRE_DLL,737F2FD7,00000000,000001F4,0000000B,7380463D,00000400,0000006F,?), ref: 737F5B32
                • Part of subcall function 737F6D4C: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 737F6D67
              • LoadLibraryA.KERNEL32(7380223D,7380223D,00000000,7380223D,\pcre.dll,00000400,7380223D,PCRE_DLL,737F2FD7,00000000,000001F4,0000000B,7380463D,00000400,0000006F,?), ref: 737F5B4D
              • GetProcAddress.KERNEL32(pcre_compile,7380223D), ref: 737F5B66
              • GetProcAddress.KERNEL32(pcre_exec,pcre_compile), ref: 737F5B7B
              • GetProcAddress.KERNEL32(pcre_copy_substring,pcre_exec), ref: 737F5B90
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: AddressProc$CreateFileFindLibraryLoadPathResourceTemplstrcat
              • String ID: PCRE_DLL$\pcre.dll$pcre_compile$pcre_copy_substring$pcre_exec
              • API String ID: 4288541509-2867501554
              • Opcode ID: 879a246296251a60bcf302c22491040978f4c458dba7d064dfe6d7df1219fde7
              • Instruction ID: 06f6965611c16adec301cf37edfe1e0f3aa31f2fd66772dd0ff4b0da95c626f5
              • Opcode Fuzzy Hash: 879a246296251a60bcf302c22491040978f4c458dba7d064dfe6d7df1219fde7
              • Instruction Fuzzy Hash: 0FF0AF7360464F6EEA117BF28E86F24BA62FA023583605615A858AF355D7F14423AE11
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 95%
              			E737F4338(char __ecx, intOrPtr* _a4) {
              				signed char _v8;
              				signed char _v9;
              				signed int _v16;
              				intOrPtr _t49;
              				void* _t51;
              				char _t54;
              				CHAR* _t56;
              				signed char _t81;
              				char _t82;
              				intOrPtr _t83;
              				intOrPtr* _t84;
              
              				_t82 = __ecx;
              				_t84 = _a4;
              				_v8 = 0;
              				_v9 = 1;
              				if(( *(_t84 + 0x1e) & 0x00000008) != 0) {
              					E737F40CF();
              				}
              				LoadStringA( *0x737fd8a2, 2, 0x7380563d, 0x400);
              				E737F22C0(0x7380563d);
              				 *_t9 =  *(_t84 + 0x1e);
              				if(E737F2463(_t84 + 0x22,  *((intOrPtr*)(_t84 + 6)), _v16) != 0) {
              					_t49 =  *((intOrPtr*)(_t84 + 2));
              					if(_t49 == 0) {
              						LoadStringA( *0x737fd8a2, 0x22, 0x7380623d, 0x400);
              						_t51 = E737F22C0(0x7380623d);
              						goto L9;
              					} else {
              						if( *0x737fe519 == _t49) {
              							LoadStringA( *0x737fd8a2, 0x21, 0x73805e3d, 0x400);
              							_t51 = E737F22C0(0x73805e3d);
              							L9:
              							if( *((intOrPtr*)(_t84 + 0xa)) == 0) {
              								LoadStringA( *0x737fd8a2, 0x24, 0x73806e3d, 0x400);
              								E737F22C0(0x73806e3d);
              								goto L14;
              							} else {
              								if( *((intOrPtr*)(_t84 + 0xa)) == E737F1020(_t51,  *0x737fe519,  *0x737fe521)) {
              									LoadStringA( *0x737fd8a2, 0x1e, 0x73806a3d, 0x400);
              									E737F22C0(0x73806a3d);
              									L14:
              									if(( *(_t84 + 0x1e) & 0x00000004) == 0) {
              										if(( *(_t84 + 0x1e) & 0x00000001) == 0) {
              											_t81 = 0;
              										} else {
              											_t81 = 1;
              										}
              										_t54 =  *((intOrPtr*)(_t84 + 0x16));
              										_t84 = _t54 + _t84;
              										_t83 =  *0x737fe521;
              										while( *_t84 != 0 ||  *((short*)(_t84 + 4)) != 0) {
              											asm("lodsd");
              											_t30 = _t54;
              											_t54 = _t82;
              											_t82 = _t30;
              											asm("lodsb");
              											_t81 = _t81;
              											if(_t81 != 0 ||  *((intOrPtr*)(_t82 + _t83)) == _t54) {
              												asm("lodsb");
              												 *((char*)(_t82 + _t83)) = _t54;
              												_v8 = 1;
              												continue;
              											} else {
              												LoadStringA( *0x737fd8a2, 0x25, 0x73807a3d, 0x400);
              												E737F22C0(0x73807a3d);
              												_v9 = 0;
              											}
              											goto L29;
              										}
              									} else {
              										if(E737F65AE( *0x737fe521, 3, 0x278 +  *0x737fd880, _t84,  *(_t84 + 0x1e)) != 0) {
              											LoadStringA( *0x737fd8a2, 9, 0x7380763d, 0x400);
              											E737F22C0(0x7380763d);
              											_v8 = 1;
              										} else {
              											LoadStringA( *0x737fd8a2, 8, 0x7380723d, 0x400);
              											E737F22C0(0x7380723d);
              											 *0x737fe529 =  *0x737fe519;
              											_v9 = 0;
              										}
              									}
              								} else {
              									LoadStringA( *0x737fd8a2, 0x23, 0x7380663d, 0x400);
              									E737F22C0(0x7380663d);
              									_v9 = 0;
              								}
              							}
              						} else {
              							LoadStringA( *0x737fd8a2, 0x20, 0x73805a3d, 0x400);
              							E737F22C0(0x73805a3d);
              							_v9 = 0;
              						}
              					}
              				} else {
              					_v9 = 0;
              				}
              				L29:
              				if(_v8 != 0) {
              					LoadStringA( *0x737fd8a2, 0xb, 0x7380823d, 0x400);
              					_t56 = 0x7380823d;
              				} else {
              					 *0x737fe529 =  *0x737fe519;
              					LoadStringA( *0x737fd8a2, 0xa, 0x73807e3d, 0x400);
              					_t56 = 0x73807e3d;
              					_v9 = 0;
              				}
              				E737F22C0(_t56);
              				E737F28D8(_v8, _v16);
              				if(( *(_t84 + 0x1e) & 0x00000008) != 0) {
              					E737F40FA();
              				}
              				return _v9 & 0x000000ff;
              			}

              APIs
              • LoadStringA.USER32 ref: 737F436F
              • LoadStringA.USER32 ref: 737F45C0
                • Part of subcall function 737F40CF: GetModuleHandleA.KERNEL32(kernel32.dll,737F4F4B), ref: 737F40D4
                • Part of subcall function 737F40CF: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 737F40DF
              • LoadStringA.USER32 ref: 737F43C1
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • LoadStringA.USER32 ref: 737F43ED
              • LoadStringA.USER32 ref: 737F4410
              • LoadStringA.USER32 ref: 737F444D
              • LoadStringA.USER32 ref: 737F45E2
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: LoadString$MessageSend$AddressHandleModuleProc
              • String ID:
              • API String ID: 1736458721-0
              • Opcode ID: e1a8b4de81a2ec67fe766defe8e98a880a11d372fbdc1cb2e3c9e0d222e63d27
              • Instruction ID: c44011ddf002e69bc117878029de332e51eb58f6a4a48aeab3f9270050372598
              • Opcode Fuzzy Hash: e1a8b4de81a2ec67fe766defe8e98a880a11d372fbdc1cb2e3c9e0d222e63d27
              • Instruction Fuzzy Hash: 6A61F172340317BFEB22AB90CD0AF5A3BB2FB00354F209510B6917B3E1D7B59603AA15
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F18B0(struct HWND__* _a4, intOrPtr* _a8, intOrPtr* _a12) {
              				int _t21;
              				int _t23;
              				signed int _t27;
              				intOrPtr* _t32;
              				signed int _t33;
              
              				_t32 = _a12;
              				_t33 = GetWindowLongA(_a4, 0xffffffec);
              				_t21 = GetWindowLongA(_a4, 0xfffffff0);
              				_t27 = _t21;
              				if((_t27 & 0x00c00000) != 0) {
              					_t21 = _t21 & 0x00c00000;
              					if(_t21 == 0xc00000) {
              						if((_t33 & 0x00000080) == 0) {
              							_t21 = GetSystemMetrics(4);
              							 *_t32 =  *_t32 - _t21;
              						} else {
              							_t21 = GetSystemMetrics(0x33);
              							 *_t32 =  *_t32 - _t21;
              						}
              					}
              				}
              				if((_t27 & 0x00040000) == 0) {
              					if((_t27 & 0x00400000) != 0) {
              						 *_t32 =  *_t32 - GetSystemMetrics(8);
              						_t21 = GetSystemMetrics(7);
              						 *_a8 =  *_a8 - _t21;
              					}
              				} else {
              					 *_t32 =  *_t32 - GetSystemMetrics(0x21);
              					_t21 = GetSystemMetrics(0x20);
              					 *_a8 =  *_a8 - _t21;
              				}
              				if((_t33 & 0x00000200) != 0) {
              					 *_t32 =  *_t32 - GetSystemMetrics(0x2d);
              					_t21 = GetSystemMetrics(0x2e);
              					 *_a8 =  *_a8 - _t21;
              				}
              				if((_t33 & 0x00020000) != 0) {
              					 *_t32 =  *_t32 - GetSystemMetrics(6);
              					_t23 = GetSystemMetrics(5);
              					 *_a8 =  *_a8 - _t23;
              					return _t23;
              				}
              				return _t21;
              			}

              APIs
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: MetricsSystem$LongWindow
              • String ID:
              • API String ID: 3112282201-0
              • Opcode ID: 9ac105f992e2a1bd0ec87dee627b8ac329d158e3715ae37d9bc932f2d1c56605
              • Instruction ID: 6dd5d29ca839376417694ab362a920be7f472cd78a2f34a558c42aa943a7c820
              • Opcode Fuzzy Hash: 9ac105f992e2a1bd0ec87dee627b8ac329d158e3715ae37d9bc932f2d1c56605
              • Instruction Fuzzy Hash: FC217F726903476FF7015AB5C988B6D376AFF10354F18C134AD1B6B3D0DA608962C792
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 68%
              			E737F3B6F(struct HWND__* _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
              				signed int _v8;
              				intOrPtr* _t28;
              				signed int _t32;
              				signed int _t33;
              				signed int _t34;
              				signed int _t40;
              				intOrPtr* _t48;
              				long _t49;
              
              				_t28 = GetProcAddress(GetModuleHandleA("user32.dll"), "SetLayeredWindowAttributes");
              				if(_t28 != 0) {
              					_t48 = _t28;
              					SetWindowLongA(_a4, 0xffffffec, GetWindowLongA(_a4, 0xffffffec) | 0x00080000);
              					_t32 = _a12;
              					_t33 = _t32 / 4;
              					if(_t32 % 4 != 0) {
              						_t33 = _t33 + 1;
              					}
              					_v8 = _t33;
              					if(_a8 == 0) {
              						L13:
              						if(_a16 != 0) {
              							_t34 = 0;
              						} else {
              							_t34 = _a12;
              						}
              						return  *_t48(_a4, 0, _t34, 2);
              					} else {
              						_t49 = _a8 / _t33;
              						if(_a16 != 0) {
              							_t40 = _a12;
              						} else {
              							_t40 = 0;
              						}
              						while(_v8 != 0) {
              							 *_t48(_a4, 0, _t40, 2);
              							if(_a16 != 0) {
              								_t40 = _t40 - 4;
              							} else {
              								_t40 = _t40 + 4;
              							}
              							Sleep(_t49);
              							UpdateWindow(_a4);
              							_v8 = _v8 - 1;
              						}
              						goto L13;
              					}
              				}
              				return _t28;
              			}

              APIs
              • GetModuleHandleA.KERNEL32(user32.dll,00000000), ref: 737F3B7D
              • GetProcAddress.KERNEL32(00000000,SetLayeredWindowAttributes), ref: 737F3B88
              • GetWindowLongA.USER32 ref: 737F3B9C
              • SetWindowLongA.USER32 ref: 737F3BAC
              • Sleep.KERNEL32(?), ref: 737F3C00
              • UpdateWindow.USER32(?), ref: 737F3C08
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Window$Long$AddressHandleModuleProcSleepUpdate
              • String ID: SetLayeredWindowAttributes$user32.dll
              • API String ID: 3069254162-3673630139
              • Opcode ID: 9a567b3f3aea3cdd684ad55ebce1d62e951098c644624e4a5ae141db99b37b3e
              • Instruction ID: c877df6bba5f799f0c24956948bd168b76c36d2acfd892a5ba992db1fc90d6e9
              • Opcode Fuzzy Hash: 9a567b3f3aea3cdd684ad55ebce1d62e951098c644624e4a5ae141db99b37b3e
              • Instruction Fuzzy Hash: C621603070420AEFFB01AE24DD45F9A3AAAFB80364F148524F916A72D0D772DD53DA50
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F61BC() {
              				char _v2052;
              				char _v4100;
              				char _v4164;
              				int _t14;
              				void* _t30;
              
              				_t14 = GetTempPathA(0x400,  &_v2052);
              				_t30 = 0x7380263d;
              				while( *(_t30 + 4) != 0) {
              					FreeLibrary( *(_t30 + 4));
              					_t4 = _t30 + 8; // 0x73802645
              					E737F2200(_t4,  &_v4164, 0x10);
              					lstrcpyA( &_v4100,  &_v2052);
              					lstrcatA( &_v4100, 0x737fd7f2);
              					lstrcatA( &_v4100,  &_v4164);
              					lstrcatA( &_v4100, ".dll");
              					_t14 = DeleteFileA( &_v4100);
              					_t30 = _t30 + 0x18;
              				}
              				return _t14;
              			}









              APIs
              • GetTempPathA.KERNEL32(00000400,?,?,?,?,?,737F365C,7380223D,737FE111), ref: 737F61D4
              • FreeLibrary.KERNEL32(?,00000400,?,?,?,?,?,737F365C,7380223D,737FE111), ref: 737F61E3
              • lstrcpyA.KERNEL32(?,?,73802645,?,00000010,?,00000400,?,?,?,?,?,737F365C,7380223D,737FE111), ref: 737F6208
              • lstrcatA.KERNEL32(?,737FD7F2,?,?,73802645,?,00000010,?,00000400,?,?,?,?,?,737F365C,7380223D), ref: 737F6219
              • lstrcatA.KERNEL32(?,?,?,737FD7F2,?,?,73802645,?,00000010,?,00000400,?), ref: 737F622C
              • lstrcatA.KERNEL32(?,.dll,?,?,?,737FD7F2,?,?,73802645,?,00000010,?,00000400,?), ref: 737F623D
              • DeleteFileA.KERNEL32(?,?,.dll,?,?,?,737FD7F2,?,?,73802645,?,00000010,?,00000400,?), ref: 737F6249
              Strings
              Similarity
              • API ID: lstrcat$DeleteFileFreeLibraryPathTemplstrcpy
              • String ID: .dll
              • API String ID: 1649043200-2738580789
              • Opcode ID: 4b2daa11cf28b8ba063058a0768ff7c128daf695d0ee790a229970d6ad7d3623
              • Instruction ID: 6c92e45674d59ae2be876074c0f30b99df89d00a2497a1cd14c154b82f126fb0
              • Opcode Fuzzy Hash: 4b2daa11cf28b8ba063058a0768ff7c128daf695d0ee790a229970d6ad7d3623
              • Instruction Fuzzy Hash: 6E0175B680021D6BDB21D790CD88FDAB36CBB48344F1445A6B254E3144EB74E78A8FA0
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F3C60(struct HWND__* _a4, intOrPtr _a8) {
              				intOrPtr _t36;
              
              				if( *0x737fe537 != 1) {
              					return 0;
              				}
              				_t36 = _a8;
              				SelectObject( *(_t36 + 0x18), CreateSolidBrush( *0x737fe954));
              				RoundRect( *(_t36 + 0x18),  *(_t36 + 0x1c),  *(_t36 + 0x20),  *(_t36 + 0x24),  *(_t36 + 0x28), 0, 0);
              				if(( *(_t36 + 0x10) & 0x00000001) != 0) {
              					OffsetRect(_t36 + 0x1c, 1, 1);
              				}
              				GetDlgItemTextA(_a4,  *(_t36 + 4), 0x737fe538, 0x400);
              				SetBkMode( *(_t36 + 0x18), 1);
              				SetTextColor( *(_t36 + 0x18),  *0x737fe958);
              				DrawTextA( *(_t36 + 0x18), 0x737fe538, 0xffffffff, _t36 + 0x1c, 0x25);
              				if(( *(_t36 + 0x10) & 0x00000001) != 0) {
              					OffsetRect(_t36 + 0x1c, 0xffffffff, 0xffffffff);
              				}
              				return 1;
              			}





              APIs
              • CreateSolidBrush.GDI32 ref: 737F3C79
              • SelectObject.GDI32(?,00000000), ref: 737F3C82
              • RoundRect.GDI32(?,?,?,?,?,00000000,00000000), ref: 737F3C9A
              • OffsetRect.USER32(?,00000001,00000001), ref: 737F3CB0
              • GetDlgItemTextA.USER32 ref: 737F3CC5
              • SetBkMode.GDI32(?,00000001), ref: 737F3CCF
              • SetTextColor.GDI32(?,?), ref: 737F3CDD
              • DrawTextA.USER32(?,737FE538,000000FF,?,00000025), ref: 737F3CF2
              • OffsetRect.USER32(?,000000FF,000000FF), ref: 737F3D08
              Similarity
              • API ID: RectText$Offset$BrushColorCreateDrawItemModeObjectRoundSelectSolid
              • String ID:
              • API String ID: 3683931702-0
              • Opcode ID: be5531a5471373eff74df4332f9f7b3f5bfefdc31ae7e91ca414ed356e99b1d3
              • Instruction ID: d2cbf1dcaef9b7ce81042ebe242dbccce5661d190882496d5b725baf9a142e72
              • Opcode Fuzzy Hash: be5531a5471373eff74df4332f9f7b3f5bfefdc31ae7e91ca414ed356e99b1d3
              • Instruction Fuzzy Hash: D0115E31144702BFFA219A60CE05F4676F6FB14310F108718B69226AE1D7A2E49AEB40
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 95%
              			E737F58A1(struct HWND__* _a4, intOrPtr _a8, struct HDC__* _a12, intOrPtr _a16) {
              				char _v1028;
              				intOrPtr _t28;
              				struct HBRUSH__* _t34;
              				void* _t35;
              				CHAR* _t42;
              				void* _t47;
              				int _t60;
              				void* _t61;
              				CHAR* _t68;
              				void* _t75;
              
              				_t28 = _a8;
              				if(_t28 != 0x110) {
              					if(_t28 != 0x111) {
              						if(_t28 != 0x138) {
              							if(_t28 != 0x136) {
              								if(_t28 != 0x2b) {
              									if(_t28 != 0x200) {
              										if(_t28 != 0x10) {
              											return 0;
              										} else {
              											goto L42;
              										}
              									} else {
              										if(_a12 == 1) {
              											SendMessageA(_a4, 0x112, 0xf012, 0);
              										}
              										goto L44;
              									}
              								} else {
              									return E737F3C60(_a4, _a16);
              								}
              							} else {
              								if( *0x737fe537 != 1) {
              									_t34 = 0;
              								} else {
              									_t34 = CreateSolidBrush( *0x737fe938);
              								}
              								return _t34;
              							}
              						} else {
              							if( *0x737fe537 != 1) {
              								_t35 = 0;
              							} else {
              								SetTextColor(_a12,  *0x737fe940);
              								if( *0x737fe93c != 0xffffffff) {
              									SetBkColor(_a12,  *0x737fe93c);
              									_t35 = CreateSolidBrush( *0x737fe93c);
              								} else {
              									SetBkMode(_a12, 1);
              									_t35 = GetStockObject(5);
              								}
              							}
              							return _t35;
              						}
              					} else {
              						if(_a12 != 0x66) {
              							if((GetKeyState(0xd) & 0x00008000) != 0) {
              								SendMessageA(_a4, 0x111, 0x66, 0);
              							}
              						} else {
              							_t42 =  *0x7380e641;
              							 *_t42 = 0;
              							if(GetDlgItemTextA(_a4, 0x65, _t42, 0x400) != 0) {
              								L42:
              								EndDialog(_a4,  *0x7380e641);
              							}
              						}
              						goto L44;
              					}
              				} else {
              					_push(_a16);
              					_pop( *0x7380e641);
              					if((GetWindowLongA( *0x737fd8a6, 0xffffffec) & 0x00000008) == 0) {
              						SetWindowPos(_a4, 0xfffffffe, 0, 0, 0, 0, 3);
              					}
              					if( *0x737fe537 == 1 &&  *0x737fe954 != 0xffffffff &&  *0x737fe958 != 0xffffffff) {
              						E737F3C34(_a4, 0x66);
              					}
              					E737F16E0( *0x737fd8a2, _a4, "BTN_REGP_OK_UP", "BTN_REGP_OK_DOWN", "BTN_REGP_OK_OVER", 0x66);
              					_t47 = E737F1460( *0x737fd8a2, 0xb, 1);
              					_t48 = _t47;
              					if(_t47 != 0) {
              						E737F3AE0(_a4, _t48);
              					}
              					E737F7260(_a4,  *0x737fd8a6);
              					_t75 =  *0x7380e63d;
              					_t68 =  &_v1028;
              					if( *_t75 == 0x24) {
              						_t75 = _t75 + 1;
              					}
              					_t60 = 0;
              					while( *((char*)(_t75 + _t60)) != 0x24 &&  *((char*)(_t75 + _t60)) != 0) {
              						_t60 = _t60 + 1;
              					}
              					RtlMoveMemory(_t68, _t75, _t60);
              					_t61 = _t60;
              					 *((char*)(_t61 + _t68)) = 0;
              					SetWindowTextA(_a4, _t68);
              					L44:
              					return 1;
              				}
              			}














              APIs
              • GetWindowLongA.USER32 ref: 737F58DB
              • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,000000EC,?), ref: 737F58F6
              • RtlMoveMemory.KERNEL32(?,?,00000000,00000000,?), ref: 737F5990
              • SetWindowTextA.USER32(?,?), ref: 737F599E
              • GetDlgItemTextA.USER32 ref: 737F59CA
              • EndDialog.USER32(?), ref: 737F5ADF
              Strings
              Similarity
              • API ID: Window$Text$DialogItemLongMemoryMove
              • String ID: BTN_REGP_OK_DOWN$BTN_REGP_OK_OVER$BTN_REGP_OK_UP
              • API String ID: 1467606235-2190942234
              • Opcode ID: 61876f535e0bdd4eb9f273f21d8bbaabca955bcd2a76cf582fa3015247e60786
              • Instruction ID: 1375d580e1e1e75a14182540449c08e07959b70ad084b70c6627dde078c01773
              • Opcode Fuzzy Hash: 61876f535e0bdd4eb9f273f21d8bbaabca955bcd2a76cf582fa3015247e60786
              • Instruction Fuzzy Hash: E921477250020BBFFB329A15CC45F8A3FAAFB00374F604215F55A6B2E0C3B25693A751
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 16%
              			E737F1FE3(intOrPtr* _a4) {
              				char _v1028;
              				struct HINSTANCE__* _t11;
              				_Unknown_base(*)()* _t14;
              				intOrPtr* _t18;
              				intOrPtr* _t22;
              				void* _t24;
              				CHAR* _t25;
              
              				GetTempPathA(0x400,  &_v1028);
              				lstrcatA( &_v1028, "\\bassmod.dll");
              				_t24 = 0;
              				_t11 = LoadLibraryA( &_v1028);
              				if(_t11 == 0) {
              					L12:
              					return _t24;
              				} else {
              					 *0x737fd89e = _t11;
              					_t25 = "BASSMOD_Init";
              					_t22 = 0x737fd88a;
              					while( *_t25 != 0) {
              						_t14 = GetProcAddress( *0x737fd89e, _t25);
              						if(_t14 == 0) {
              							FreeLibrary( *0x737fd89e);
              							 *0x737fd89e = 0;
              							goto L12;
              						}
              						 *_t22 = _t14;
              						_t22 = _t22 + 4;
              						while( *_t25 != 0) {
              							_t25 =  &(_t25[1]);
              						}
              						_t25 =  &(_t25[1]);
              					}
              					_push(0);
              					_push(0xac44);
              					_push(0xffffffff);
              					if( *0x737fd88a() == 1) {
              						 *0x737fd88e();
              						_t18 = _a4;
              						_push(6);
              						_push( *_t18);
              						_push(0);
              						_push(_t18 + 4);
              						_push(1);
              						if( *0x737fd892() == 1) {
              							 *0x737fd896();
              							_t24 = _t24 + 1;
              						}
              					}
              					goto L12;
              				}
              			}











              APIs
              • GetTempPathA.KERNEL32(00000400,?), ref: 737F1FFD
              • lstrcatA.KERNEL32(?,\bassmod.dll,00000400,?), ref: 737F200E
              • LoadLibraryA.KERNEL32(?,?,\bassmod.dll,00000400,?), ref: 737F201C
              • GetProcAddress.KERNEL32(BASSMOD_Init,?), ref: 737F2041
              Strings
              Similarity
              • API ID: AddressLibraryLoadPathProcTemplstrcat
              • String ID: BASSMOD_Init$\bassmod.dll
              • API String ID: 316107575-384773266
              • Opcode ID: fd126ba799ff017bc3079207f46b6b6581185f35fa4ca84c109f6e15e10bebf4
              • Instruction ID: 674bd58992984a9e40bc1d410261d7bb7c5f87e59f85ce7a50d4644a2662cb92
              • Opcode Fuzzy Hash: fd126ba799ff017bc3079207f46b6b6581185f35fa4ca84c109f6e15e10bebf4
              • Instruction Fuzzy Hash: 7111247B60420F6FF7216B158C89B657BEDFB00320F240025E54AD73D8D6B6A883DA22
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 94%
              			E737F65AE(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20) {
              				intOrPtr _t50;
              				void* _t53;
              				intOrPtr _t71;
              				intOrPtr _t75;
              				void* _t81;
              				void* _t84;
              				void* _t85;
              				void* _t86;
              				intOrPtr _t87;
              				void* _t88;
              				void* _t91;
              
              				_t87 = _a4;
              				_t75 = 0;
              				while( *((intOrPtr*)(_t75 + _t87)) != 0x4550) {
              					_t75 = _t75 + 1;
              					if(_t75 !=  *0x737fe519) {
              						continue;
              					} else {
              						LoadStringA( *0x737fd8a2, 0x16, 0x73811e45, 0x400);
              						E737F22C0(0x73811e45);
              						L3:
              						return 0;
              					}
              					L15:
              				}
              				_t88 = _t87 + _t75;
              				if( *((intOrPtr*)(_a4 +  *0x737fe519 - 4)) != 0x32505564) {
              					_t85 = _t88 + 0x18 + ( *(_t88 + 0x14) & 0x0000ffff);
              					 *(_t85 + 0x24) =  *(_t85 + 0x24) | 0x80000000;
              					_t86 = _t85 + (( *(_t88 + 6) & 0x0000ffff) - 1) * 0x28;
              					_t91 = _t88;
              					 *0x737f698d = 0;
              					if(_a8 == 4) {
              						 *0x737f698d =  *0x737f698d | 0x00000001;
              					}
              					if((_a20 & 0x00000040) != 0) {
              						 *0x737f698d =  *0x737f698d | 0x00000002;
              					}
              					 *0x737f6985 =  *((intOrPtr*)(_t91 + 0x28));
              					 *((intOrPtr*)(_t91 + 0x28)) =  *((intOrPtr*)(_t86 + 0xc)) +  *((intOrPtr*)(_t86 + 0x10));
              					if(_a8 != 4) {
              						_t50 = 0;
              					} else {
              						_t50 =  *((intOrPtr*)(_t86 + 0xc)) +  *((intOrPtr*)(_t86 + 0x10));
              					}
              					 *0x737f6991 = _t50;
              					_t53 = _a4 +  *((intOrPtr*)(_t86 + 0x14)) +  *((intOrPtr*)(_t86 + 0x10));
              					_push(_t53 + 0x278);
              					RtlMoveMemory(_t53, 0x737f6730, 0x278);
              					_pop(_t84);
              					_t78 = _a16;
              					_t71 =  *0x737fd880; // 0x300
              					RtlMoveMemory(_t84,  *((intOrPtr*)(_a16 + 0x16)) + _t78, _t71 -  *((intOrPtr*)(_a16 + 0x16)));
              					 *((intOrPtr*)(_t86 + 8)) =  *((intOrPtr*)(_t86 + 8)) + E737F6EE0(_a12, 0x100);
              					 *((intOrPtr*)(_t86 + 0x10)) =  *((intOrPtr*)(_t86 + 0x10)) + _a12;
              					 *(_t86 + 0x24) =  *(_t86 + 0x24) | 0xe0000000;
              					 *((intOrPtr*)(_t91 + 0x50)) = E737F6EE0( *((intOrPtr*)(_t86 + 0xc)) +  *((intOrPtr*)(_t86 + 8)),  *((intOrPtr*)(_t91 + 0x38)));
              					_t81 = _a4 +  *0x737fe529;
              					 *((char*)(_t81 - 1)) = 0x32;
              					 *((char*)(_t81 - 2)) = 0x50;
              					 *((char*)(_t81 - 3)) = 0x55;
              					 *((char*)(_t81 - 4)) = 0x64;
              					return 1;
              				} else {
              					LoadStringA( *0x737fd8a2, 0x17, 0x73812245, 0x400);
              					E737F22C0(0x73812245);
              					goto L3;
              				}
              				goto L15;
              			}















              APIs
              • LoadStringA.USER32 ref: 737F65D8
              • LoadStringA.USER32 ref: 737F6621
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • RtlMoveMemory.KERNEL32(?,737F6730,00000278,?,?,?,?,?,00000001,?,737F4846,00000004,-737FD608,?,00000004,00000008), ref: 737F66BB
              • RtlMoveMemory.KERNEL32(?,?,00000300,737F6730,00000278,?,?,?,?,?,00000001,?,737F4846,00000004,-737FD608,?), ref: 737F66D5
              Strings
              Similarity
              • API ID: MessageSend$LoadMemoryMoveString
              • String ID: @$dUP2
              • API String ID: 1206653450-646226640
              • Opcode ID: 4437b6e27e86a8370c439c52cdd12f82985ff9432abb206ae78fca7b14c4ae32
              • Instruction ID: 145329528d91877836b89c8436935a951396c5d149471e4f058789db1f45e0c7
              • Opcode Fuzzy Hash: 4437b6e27e86a8370c439c52cdd12f82985ff9432abb206ae78fca7b14c4ae32
              • Instruction Fuzzy Hash: C441DFB2200707AFE704DF69C985B2AB7E8FB04318F20C12DE50A87791D375E816CB60
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F3683(struct HWND__* _a4, intOrPtr _a8, struct HDC__* _a12, struct HWND__* _a16) {
              				intOrPtr _t23;
              				void* _t24;
              				struct HBRUSH__* _t37;
              				void* _t43;
              
              				_t23 = _a8;
              				if(_t23 != 0x110) {
              					if(_t23 != 0x111) {
              						if(_t23 == 0x138 || _t23 == 0x133) {
              							if( *0x737fe537 != 1) {
              								_t24 = 0;
              							} else {
              								if(GetDlgCtrlID(_a16) != 0x65) {
              									SetTextColor(_a12,  *0x737fe940);
              									if( *0x737fe93c != 0xffffffff) {
              										SetBkColor(_a12,  *0x737fe938);
              										_t24 = CreateSolidBrush( *0x737fe938);
              									} else {
              										SetBkMode(_a12, 1);
              										_t24 = GetStockObject(5);
              									}
              								} else {
              									SetTextColor(_a12,  *0x737fe940);
              									if( *0x737fe93c != 0xffffffff) {
              										SetBkColor(_a12,  *0x737fe93c);
              										_t24 = CreateSolidBrush( *0x737fe93c);
              									} else {
              										SetBkMode(_a12, 1);
              										_t24 = GetStockObject(5);
              									}
              								}
              							}
              							return _t24;
              						} else {
              							if(_t23 != 0x136) {
              								if(_t23 != 0x2b) {
              									if(_t23 != 0x200) {
              										if(_t23 != 0x10) {
              											return 0;
              										} else {
              											goto L38;
              										}
              									} else {
              										if(_a12 == 1) {
              											SendMessageA(_a4, 0x112, 0xf012, 0);
              										}
              										goto L40;
              									}
              								} else {
              									return E737F3C60(_a4, _a16);
              								}
              							} else {
              								if( *0x737fe537 != 1) {
              									_t37 = 0;
              								} else {
              									_t37 = CreateSolidBrush( *0x737fe938);
              								}
              								return _t37;
              							}
              						}
              					} else {
              						if(_a12 == 0x66) {
              							L38:
              							EndDialog(_a4, 0);
              						}
              						goto L40;
              					}
              				} else {
              					if((GetWindowLongA( *0x737fd8a6, 0xffffffec) & 0x00000008) == 0) {
              						SetWindowPos(_a4, 0xfffffffe, 0, 0, 0, 0, 3);
              					}
              					SetDlgItemTextA(_a4, 0x65, E737F2A53( *0x737fd8aa, 8));
              					if( *0x737fe537 == 1 &&  *0x737fe954 != 0xffffffff &&  *0x737fe958 != 0xffffffff) {
              						E737F3C34(_a4, 0x66);
              					}
              					E737F16E0( *0x737fd8a2, _a4, "BTN_ABOUT_OK_UP", "BTN_ABOUT_OK_DOWN", "BTN_ABOUT_OK_OVER", 0x66);
              					_t43 = E737F1460( *0x737fd8a2, 0xb, 1);
              					_t44 = _t43;
              					if(_t43 != 0) {
              						E737F3AE0(_a4, _t44);
              					}
              					E737F7260(_a4,  *0x737fd8a6);
              					L40:
              					return 1;
              				}
              			}








              APIs
              • GetWindowLongA.USER32 ref: 737F36AC
              • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,000000EC), ref: 737F36C7
              • SetDlgItemTextA.USER32 ref: 737F36DF
              • EndDialog.USER32(?,00000000), ref: 737F38AD
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Window$DialogItemLongText
              • String ID: BTN_ABOUT_OK_DOWN$BTN_ABOUT_OK_OVER$BTN_ABOUT_OK_UP
              • API String ID: 917433306-3517212525
              • Opcode ID: 35b30dcced84939fe97def96f4207dd482cfeb3757111b91303ecf15636ec574
              • Instruction ID: aea92f4b940e670a2a67bcde1dce34d0945b06fd27d1c21553c2cf29cbe2b5c1
              • Opcode Fuzzy Hash: 35b30dcced84939fe97def96f4207dd482cfeb3757111b91303ecf15636ec574
              • Instruction Fuzzy Hash: D811B672240307BFFB216A15CDC6F4A3F66FB007A4F204221F6196A2F4D7A79453AB50
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 79%
              			E737F2313(CHAR* _a4) {
              				int _t3;
              
              				asm("pushad");
              				_t3 = IsDlgButtonChecked( *0x737fd8a6, 0x6b);
              				if(_t3 == 1) {
              					lstrcpyA(0x737fdd11, _a4);
              					lstrcatA(0x737fdd11, ".BAK");
              					if(GetFileAttributesA(0x737fdd11) != 0xffffffff) {
              						_t3 = 1;
              					} else {
              						CopyFileA(_a4, 0x737fdd11, 0);
              						_t3 = 0;
              					}
              					 *0x737fe52d = _t3;
              				}
              				asm("popad");
              				return _t3;
              			}





              APIs
              • IsDlgButtonChecked.USER32(0000006B), ref: 737F231F
              • lstrcpyA.KERNEL32(737FDD11,?), ref: 737F2332
              • lstrcatA.KERNEL32(737FDD11,.BAK,737FDD11,?), ref: 737F233D
              • GetFileAttributesA.KERNEL32(737FDD11,737FDD11,.BAK,737FDD11,?), ref: 737F2343
              • CopyFileA.KERNEL32(?,737FDD11,00000000), ref: 737F2353
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: File$AttributesButtonCheckedCopylstrcatlstrcpy
              • String ID: .BAK
              • API String ID: 1049863671-450607331
              • Opcode ID: 52668f28b8b3072e210b5e5ff4727062808def528fd62227edb85808dd6e01bd
              • Instruction ID: f5bd8ced2558f9f58684b1bf44135ebee63ab84d9c312a009c2443e716a46ffa
              • Opcode Fuzzy Hash: 52668f28b8b3072e210b5e5ff4727062808def528fd62227edb85808dd6e01bd
              • Instruction Fuzzy Hash: 53E0227350122776E91227604E82F8E3F0EBF02374F308102F2246B3E2C66641137BA9
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F2411(CHAR* _a4) {
              				char _v1028;
              				int _t8;
              				CHAR* _t10;
              
              				_t10 =  &_v1028;
              				lstrcpyA(_t10, _a4);
              				lstrcatA(_t10, ".tmp");
              				DeleteFileA(_t10);
              				_t8 = MoveFileA(_a4, _t10);
              				if(_t8 == 1) {
              					_t8 = CopyFileA(_t10, _a4, 1);
              					if(_t8 == 1) {
              						return 1;
              					}
              				}
              				return _t8;
              			}







              APIs
              • lstrcpyA.KERNEL32(?,?), ref: 737F2425
              • lstrcatA.KERNEL32(?,.tmp,?,?), ref: 737F2430
              • DeleteFileA.KERNEL32(?,?,.tmp,?,?), ref: 737F2436
              • MoveFileA.KERNEL32 ref: 737F243F
              • CopyFileA.KERNEL32(?,?,00000001), ref: 737F244F
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: File$CopyDeleteMovelstrcatlstrcpy
              • String ID: .tmp
              • API String ID: 2634143726-2986845003
              • Opcode ID: 20310fce9ec0a03bfd25b3e9325b51361ac6bfdc506c274a7432cf756321058d
              • Instruction ID: 0cdde0853dc5d8e8abd3d164cd3c134ba5536e37c975b6349591e903155b1b6c
              • Opcode Fuzzy Hash: 20310fce9ec0a03bfd25b3e9325b51361ac6bfdc506c274a7432cf756321058d
              • Instruction Fuzzy Hash: 84E0ED3650153A36DE2216548F45FCE361DBF02354F10C111FA05B7694E7669B938ADA
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 39%
              			E737F3AF9(struct HWND__* _a4, intOrPtr _a8) {
              				intOrPtr* _t7;
              
              				asm("pushad");
              				_t7 = GetProcAddress(GetModuleHandleA("user32.dll"), "SetLayeredWindowAttributes");
              				if(_t7 != 0) {
              					SetWindowLongA(_a4, 0xffffffec, GetWindowLongA(_a4, 0xffffffec) | 0x00080000);
              					_t7 =  *_t7(_a4, 0, _a8, 2);
              				}
              				asm("popad");
              				return _t7;
              			}





              APIs
              • GetModuleHandleA.KERNEL32(user32.dll,?,737F3AF5,?,00000002,?,737F3272,?,00000000,00000000,000000CA,73804E3D,0000000F,73804E3D,00000400,00000000), ref: 737F3B02
              • GetProcAddress.KERNEL32(00000000,SetLayeredWindowAttributes), ref: 737F3B0D
              • GetWindowLongA.USER32 ref: 737F3B1D
              • SetWindowLongA.USER32 ref: 737F3B2D
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: LongWindow$AddressHandleModuleProc
              • String ID: SetLayeredWindowAttributes$user32.dll
              • API String ID: 1792074081-3673630139
              • Opcode ID: 0cebf8d5a558499b1d8944ead1361ce5fe1559e231c24c7669b01fcfd84e3d40
              • Instruction ID: 2b53e4d3d0b85038f22ff9952c33f47e221287ee17cc17fdcbb2a1bb820bea49
              • Opcode Fuzzy Hash: 0cebf8d5a558499b1d8944ead1361ce5fe1559e231c24c7669b01fcfd84e3d40
              • Instruction Fuzzy Hash: F5E01A2220420A7BEE012B65CE05F593D5AFB413A0F20C210B965EA3E1CBA1C813AA90
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 92%
              			E737F4791(void* __edx, intOrPtr* _a4) {
              				signed char _v8;
              				signed char _v9;
              				signed int _v16;
              				void* _t61;
              				CHAR* _t64;
              				signed int _t84;
              				intOrPtr* _t86;
              				signed int* _t87;
              
              				_t86 = _a4;
              				_v8 = 0;
              				_v9 = 1;
              				if(( *(_t86 + 0x1e) & 0x00000008) != 0) {
              					E737F40CF();
              				}
              				LoadStringA( *0x737fd8a2, 3, 0x7380863d, 0x400);
              				E737F22C0(0x7380863d);
              				 *_t9 =  *(_t86 + 0x1e);
              				if(E737F2463(_t86 + 0x22,  *((intOrPtr*)(_t86 + 6)), _v16) != 0) {
              					if(( *(_t86 + 0x1e) & 0x00000004) == 0) {
              						_t87 =  *((intOrPtr*)(_t86 + 0x16)) + _t86;
              						do {
              							_t84 =  *_t87;
              							_t61 = E737F6740( *0x737fe521,  &(_t87[2]),  &(_t87[2]) + _t84, _t87 + 8 + _t84 * 2, _t87 + 8 + _t84 * 2 + _t84, _t84,  *0x737fe519, _t87[1]);
              							asm("pushad");
              							if(_t61 != 0) {
              								_v8 = 1;
              								goto L17;
              							} else {
              								if( *(_t87 + 8 + _t84 * 4) == 0) {
              									asm("popad");
              								} else {
              									LoadStringA( *0x737fd8a2, 0x26, 0x7380923d, 0x400);
              									E737F22C0(0x7380923d);
              									goto L17;
              								}
              							}
              							goto L18;
              							L17:
              							asm("popad");
              							_t87 = _t87 + 8 + _t84 * 4;
              						} while ( *_t87 != 0);
              					} else {
              						if(E737F65AE( *0x737fe521, 4, 0x278 +  *0x737fd880, _t86,  *(_t86 + 0x1e)) != 0) {
              							LoadStringA( *0x737fd8a2, 9, 0x73808e3d, 0x400);
              							E737F22C0(0x73808e3d);
              							_v8 = 1;
              						} else {
              							LoadStringA( *0x737fd8a2, 8, 0x73808a3d, 0x400);
              							E737F22C0(0x73808a3d);
              							 *0x737fe529 =  *0x737fe519;
              							_v9 = 0;
              						}
              					}
              					L18:
              					E737F28D8(_v8, _v16);
              				} else {
              					E737F28D8(_v8, _v16);
              					if(E737F4616(_a4) != 0) {
              						_v8 = 1;
              						_v9 = 1;
              					}
              				}
              				if(_v8 != 0) {
              					LoadStringA( *0x737fd8a2, 0xb, 0x73809a3d, 0x400);
              					_t64 = 0x73809a3d;
              				} else {
              					LoadStringA( *0x737fd8a2, 0xa, 0x7380963d, 0x400);
              					_t64 = 0x7380963d;
              					_v9 = 0;
              				}
              				E737F22C0(_t64);
              				if((_t87[7] & 0x00000008) != 0) {
              					E737F40FA();
              				}
              				return _v9 & 0x000000ff;
              			}












              APIs
              • LoadStringA.USER32 ref: 737F47C8
              • LoadStringA.USER32 ref: 737F4943
                • Part of subcall function 737F40CF: GetModuleHandleA.KERNEL32(kernel32.dll,737F4F4B), ref: 737F40D4
                • Part of subcall function 737F40CF: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 737F40DF
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: LoadString$AddressHandleModuleProc
              • String ID:
              • API String ID: 2917493658-0
              • Opcode ID: 4460b9e3bb02512a5f28b6419d605291fe0215f1bc49d17b95fbb3c6f2f8a87a
              • Instruction ID: ce1b19ae36c16c39fa2ae331e14982cdcdb5a58021167bc048a0efd6dc69a46d
              • Opcode Fuzzy Hash: 4460b9e3bb02512a5f28b6419d605291fe0215f1bc49d17b95fbb3c6f2f8a87a
              • Instruction Fuzzy Hash: 9151D13260420AFFEB229B91CD4AF8A7BB6FB00354F108118B655B73A4D3B59647AB10
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F2CEE(struct HWND__* _a4, int _a8, int _a12, long _a16) {
              				int _t13;
              				_Unknown_base(*)()* _t14;
              				_Unknown_base(*)()* _t18;
              
              				_t13 = _a8;
              				if(_t13 == 0x102 || _t13 == 0x100 || _t13 == 0x101 || _t13 == 0x115 || _t13 == 0x114 || _t13 == 0x202 || _t13 == 0x205 || _t13 == 0x201 || _t13 == 0x204 || _t13 == 0x114 || _t13 == 0x115 || _t13 == 0xc || _t13 == 0x20a) {
              					_t14 = GetDlgCtrlID(_a4);
              					if(_t14 != 0x6a) {
              						if(_t14 == 0x6f) {
              							_t14 =  *0x737fe533;
              						}
              					} else {
              						_t14 =  *0x737fe52f;
              					}
              					CallWindowProcA(_t14, _a4, _a8, _a12, _a16);
              					return InvalidateRect(GetParent(_a4), 0, 0);
              				} else {
              					_t18 = GetDlgCtrlID(_a4);
              					if(_t18 != 0x6a) {
              						if(_t18 == 0x6f) {
              							_t18 =  *0x737fe533;
              						}
              					} else {
              						_t18 =  *0x737fe52f;
              					}
              					return CallWindowProcA(_t18, _a4, _a8, _a12, _a16);
              				}
              			}







              APIs
              • GetDlgCtrlID.USER32(?), ref: 737F2D52
              • CallWindowProcA.USER32 ref: 737F2D7A
              • GetParent.USER32(?), ref: 737F2D82
              • InvalidateRect.USER32(00000000,00000000,00000000,?,00000000,?,?,?,?,?), ref: 737F2D8C
              • GetDlgCtrlID.USER32(?), ref: 737F2D98
              • CallWindowProcA.USER32 ref: 737F2DC0
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CallCtrlProcWindow$InvalidateParentRect
              • String ID:
              • API String ID: 1256023302-0
              • Opcode ID: 69e7efddaf45a3f679cfa0bb59ad69a68529d72fb878d5802115a5ab0b4fd9a7
              • Instruction ID: 0ac1ca517c6b93d1c8ed64fc4fe1eb1985d8bee3a382e5879ec25a2d4439e801
              • Opcode Fuzzy Hash: 69e7efddaf45a3f679cfa0bb59ad69a68529d72fb878d5802115a5ab0b4fd9a7
              • Instruction Fuzzy Hash: 18211D3910424FAEDF229A64D985F9D367BFF04300F248861F516FB2F5CA7AD492A711
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F57A2(void* _a4, void* _a8) {
              				char _v1028;
              				void* _v1032;
              				int _t25;
              				void* _t26;
              				CHAR* _t27;
              				void* _t28;
              
              				_t28 = _a4;
              				_t26 = _a8;
              				_v1032 = _t28;
              				L16:
              				while( *_t28 != 0) {
              					while( *_t28 != 0x24) {
              						if( *_t28 == 0xa0d) {
              							L15:
              							_t28 = _t28 + 1;
              							goto L16;
              						}
              						if( *_t28 == 0) {
              							goto L17;
              						}
              						_t28 = _t28 + 1;
              					}
              					 *0x7380e63d = _t28;
              					_t28 = _t28 + 1;
              					while( *_t28 != 0x24) {
              						if( *_t28 == 0xa0d) {
              							goto L15;
              						}
              						if( *_t28 == 0) {
              							goto L17;
              						}
              						_t28 = _t28 + 1;
              					}
              					_t28 = _t28 + 1;
              					if( *0x737fe95c != 0) {
              						E737F22C0("Can not use placeholders in console mode.");
              					} else {
              						if(DialogBoxParamA( *0x737fd8a2, 3,  *0x737fd8a6, E737F58B0,  &_v1028) != 0) {
              							_t25 =  *0x7380e63d - _v1032;
              							RtlMoveMemory(_t26, _v1032, _t25);
              							_t27 = _t26 + _t25;
              							lstrcatA(_t27,  &_v1028);
              							_t26 =  &(_t27[E737F6C90( &_v1028)]);
              							_v1032 = _t28;
              						}
              					}
              					goto L15;
              				}
              				L17:
              				RtlMoveMemory(_t26, _v1032, _t28 - _v1032);
              				return E737F6C90(_a8);
              			}










              APIs
              • DialogBoxParamA.USER32 ref: 737F5822
              • RtlMoveMemory.KERNEL32(?,?,?,00000003,737F58B0,?,00000001,?,?), ref: 737F583F
              • lstrcatA.KERNEL32(?,?,?,?,?,00000003,737F58B0,?,00000001,?,?), ref: 737F584E
              • RtlMoveMemory.KERNEL32(?,?,?,00000001,?,?), ref: 737F588D
              Strings
              • Can not use placeholders in console mode., xrefs: 737F5869
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: MemoryMove$DialogParamlstrcat
              • String ID: Can not use placeholders in console mode.
              • API String ID: 608252020-475865414
              • Opcode ID: fdb000cc4da74a253d219360ffd578f5756a60a817eda2e28750cbcdd9855f8d
              • Instruction ID: d53fffccff52784dd69eb25946a5e4e0b13891b9f6b67837b8251dcb9ba1aeb8
              • Opcode Fuzzy Hash: fdb000cc4da74a253d219360ffd578f5756a60a817eda2e28750cbcdd9855f8d
              • Instruction Fuzzy Hash: 312125F680021BAFEB229B50CC44B59BBBCFB44320F644199E78663391E23057C3EB64
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 68%
              			E737F29EF() {
              				char _v8;
              				char _v12;
              				intOrPtr _v16;
              				void* _t9;
              				intOrPtr* _t12;
              				void* _t17;
              				void* _t19;
              
              				_v16 = 0;
              				_t9 = LoadLibraryA("Imagehlp.dll");
              				if(_t9 != 0) {
              					_t19 = _t9;
              					_t12 = GetProcAddress(_t19, "CheckSumMappedFile");
              					if(_t12 != 0) {
              						_t17 =  *_t12( *0x737fe521,  *0x737fe529,  &_v8,  &_v12);
              						if(_t17 != 0) {
              							 *((intOrPtr*)(_t17 + 0x58)) = _v12;
              							_v16 = 1;
              						}
              					}
              					CloseHandle(_t19);
              				}
              				return _v16;
              			}











              APIs
              • LoadLibraryA.KERNEL32(Imagehlp.dll), ref: 737F2A02
              • GetProcAddress.KERNEL32(00000000,CheckSumMappedFile), ref: 737F2A13
              • CloseHandle.KERNEL32(00000000,00000000,CheckSumMappedFile,Imagehlp.dll), ref: 737F2A48
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: AddressCloseHandleLibraryLoadProc
              • String ID: CheckSumMappedFile$Imagehlp.dll
              • API String ID: 4093397079-2254704603
              • Opcode ID: f57d0137e72c19b2a2e6adfaf7e11407be4033f22bd7976a9ca19e78c66e2666
              • Instruction ID: d1719279b7b428b774c8ca310fecaa9b9960bdee9c22ad67d2a67a25922b4282
              • Opcode Fuzzy Hash: f57d0137e72c19b2a2e6adfaf7e11407be4033f22bd7976a9ca19e78c66e2666
              • Instruction Fuzzy Hash: 9BF05476B0420BABDB109BA5CDC4B9E77F8B708304F108661A526E7391FA74D5028F10
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 68%
              			E737F40FA() {
              				intOrPtr* _t3;
              
              				_t3 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64RevertWow64FsRedirection");
              				if(_t3 != 0) {
              					 *_t3( *0x737fd90d);
              					return E737F22C0("WOW64 File System Redirection : enabled");
              				}
              				return _t3;
              			}





              APIs
              • GetModuleHandleA.KERNEL32(kernel32.dll,737F524F), ref: 737F40FF
              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 737F410A
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              Strings
              • WOW64 File System Redirection : enabled, xrefs: 737F411B
              • Wow64RevertWow64FsRedirection, xrefs: 737F4104
              • kernel32.dll, xrefs: 737F40FA
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: MessageSend$AddressHandleModuleProc
              • String ID: WOW64 File System Redirection : enabled$Wow64RevertWow64FsRedirection$kernel32.dll
              • API String ID: 1180987372-293881157
              • Opcode ID: 44a1c8f462e60ed64dc99dce1f7752a6f45ae1a2edcaae2dfb4c820736689b4a
              • Instruction ID: cf1b8111e105cecb0922ac5fa72285c8032895c8f189d497ae3d3e3b92e9a092
              • Opcode Fuzzy Hash: 44a1c8f462e60ed64dc99dce1f7752a6f45ae1a2edcaae2dfb4c820736689b4a
              • Instruction Fuzzy Hash: 37C08C1A30020BEBF90133B20E8CF181405FF083003A042046A61E7319CB0885035C20
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 68%
              			E737F40CF() {
              				intOrPtr* _t3;
              
              				_t3 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64DisableWow64FsRedirection");
              				if(_t3 != 0) {
              					 *_t3(0x737fd90d);
              					return E737F22C0("WOW64 File System Redirection : disabled");
              				}
              				return _t3;
              			}

              APIs
              • GetModuleHandleA.KERNEL32(kernel32.dll,737F4F4B), ref: 737F40D4
              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 737F40DF
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              Strings
              • kernel32.dll, xrefs: 737F40CF
              • Wow64DisableWow64FsRedirection, xrefs: 737F40D9
              • WOW64 File System Redirection : disabled, xrefs: 737F40EF
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: MessageSend$AddressHandleModuleProc
              • String ID: WOW64 File System Redirection : disabled$Wow64DisableWow64FsRedirection$kernel32.dll
              • API String ID: 1180987372-1162415981
              • Opcode ID: 6655637d61239a94ad0ccce3a5260d9e0b08301d42eeb705f43920c77747f428
              • Instruction ID: 72ef93c3c2eb4045739e8d3a4ba5624af5ba59f7421b8df9bd9334cc66538190
              • Opcode Fuzzy Hash: 6655637d61239a94ad0ccce3a5260d9e0b08301d42eeb705f43920c77747f428
              • Instruction Fuzzy Hash: FDC0484A75024BABAA0023F12F89F2C0885BD492903984650AAB2AB74E8F048113AC32
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F5266(intOrPtr _a4) {
              				char _v1028;
              				char _v1032;
              				char _v1036;
              				intOrPtr _v1040;
              				char _v1044;
              				char _v1164;
              				char _v1168;
              				intOrPtr _t86;
              				CHAR* _t87;
              				intOrPtr _t88;
              				intOrPtr _t89;
              				intOrPtr _t90;
              				void* _t91;
              				void* _t92;
              				char* _t93;
              				signed int _t94;
              				char* _t97;
              				CHAR* _t98;
              				void* _t99;
              				intOrPtr _t100;
              
              				LoadStringA( *0x737fd8a2, 0x1f, 0x7380de3d, 0x400);
              				E737F22C0(0x7380de3d);
              				_v1032 = 0;
              				_t100 = _a4;
              				_t98 = _t100 + 1;
              				_t87 =  &_v1028;
              				lstrcpyA(_t87, _t98);
              				lstrcatA(_t87, 0x737fd6e7);
              				lstrcatA(_t87, _t100 + 0x401);
              				E737F22C0(_t87);
              				lstrcpyA(_t87, _t98);
              				_t90 = 0;
              				L2:
              				if( *((char*)(_t90 + _t87)) != 0x5c) {
              					_t90 = _t90 + 1;
              					goto L2;
              				}
              				 *((char*)(_t90 + _t87)) = 0;
              				_t9 =  &(_t98[1]); // 0x1
              				_v1040 = _t90 + _t9;
              				_t73 = E737F1657( &_v1028);
              				if(E737F1657( &_v1028) == 0) {
              					L30:
              					return _v1032;
              				}
              				if(( *(_t100 + 0x481) & 0x00000004) == 0) {
              					if(( *(_t100 + 0x481) & 0x00000001) != 0) {
              						_t91 = _t100 + 0x401;
              						_t93 =  &_v1028;
              						if(( *(_t100 + 0x88d) & 0x80000000) == 0) {
              							_t88 = 0;
              						} else {
              							_t88 = 1;
              						}
              						if(E737F6F00(_t93, _t73, _v1040, _t91, _t88) == 0) {
              							_t99 = _t100 + 0x489;
              							_t94 =  *(_t100 + 0x88d);
              							if(( *(_t100 + 0x485) & 0x00000001) == 0) {
              								if(( *(_t100 + 0x485) & 0x00000010) != 0 && E737F3E20(_t99,  &_v1028, _t94 | 0x00001000,  &_v1044,  &_v1164,  &_v1168) >= 0) {
              									_v1032 = 1;
              								}
              							} else {
              								if(E737F3E20(_t99,  &_v1028, _t94 | 0x00000800, 0, 0, 0) >= 0) {
              									_v1032 = 1;
              								}
              							}
              						}
              					}
              					goto L30;
              				}
              				_t92 = _t100 + 0x401;
              				_t97 =  &_v1036;
              				if(( *(_t100 + 0x88d) & 0x80000000) == 0) {
              					_t89 = 0;
              				} else {
              					_t89 = 1;
              				}
              				if(E737F6FA0(_t97, _t73, _v1040, _t92, _t89) == 0) {
              					_t86 = _v1036;
              					if(( *(_t100 + 0x485) & 0x00000001) == 0) {
              						if(( *(_t100 + 0x485) & 0x00000004) == 0) {
              							if(( *(_t100 + 0x485) & 0x00000008) != 0 && _t86 >  *((intOrPtr*)(_t100 + 0x889))) {
              								_v1032 = 1;
              							}
              						} else {
              							if(_t86 <  *((intOrPtr*)(_t100 + 0x889))) {
              								_v1032 = 1;
              							}
              						}
              					} else {
              						if(_t86 ==  *((intOrPtr*)(_t100 + 0x889))) {
              							_v1032 = 1;
              						}
              					}
              				}
              			}

              APIs
              • LoadStringA.USER32 ref: 737F5284
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000180,00000000,?), ref: 737F22D9
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,0000018B,00000000,00000000), ref: 737F22E8
                • Part of subcall function 737F22C0: SendMessageA.USER32(00020254,00000186,-00000001,00000000), ref: 737F22F7
              • lstrcpyA.KERNEL32(?,?,0000001F,7380DE3D,00000400,00000001,?,00000000,?,737F63AF,00000000,00000001,00000000,73810A45,00000400,00000184), ref: 737F52AB
              • lstrcatA.KERNEL32(?,737FD6E7,?,?,0000001F,7380DE3D,00000400,00000001,?,00000000,?,737F63AF,00000000,00000001,00000000,73810A45), ref: 737F52B6
              • lstrcatA.KERNEL32(?,?,?,737FD6E7,?,?,0000001F,7380DE3D,00000400,00000001,?,00000000,?,737F63AF,00000000,00000001), ref: 737F52C3
              • lstrcpyA.KERNEL32(?,?,?,?,?,737FD6E7,?,?,0000001F,7380DE3D,00000400,00000001,?,00000000,?,737F63AF), ref: 737F52D0
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: MessageSend$lstrcatlstrcpy$LoadString
              • String ID:
              • API String ID: 1610432388-0
              • Opcode ID: 0bba128859540143c8dc37df7e2214ae82319c911591aa08fd7ca42c09f5be08
              • Instruction ID: 607edecdd2be4d165a0a406588bba43bf60da23f465751edf4404b4ff98693f6
              • Opcode Fuzzy Hash: 0bba128859540143c8dc37df7e2214ae82319c911591aa08fd7ca42c09f5be08
              • Instruction Fuzzy Hash: 355191F150471A9EE7218B20CD84FEB73BCBF44318F448899A74667280D7B5AB87EB14
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F7260(struct HWND__* _a4, struct HWND__* _a8) {
              				char _v20;
              				char _v36;
              				signed int _v40;
              				signed int _v44;
              				long _t24;
              				signed int _t26;
              				long _t27;
              				signed int _t29;
              				void* _t35;
              				void* _t37;
              				long _t41;
              				long _t42;
              				struct tagRECT* _t47;
              				struct tagRECT* _t48;
              
              				_t48 =  &_v20;
              				_t47 =  &_v36;
              				GetClientRect(_a4, _t48);
              				GetClientRect(_a8, _t47);
              				_t35 = 0;
              				_t24 = _t47->right;
              				_t41 = _t48->right;
              				if(_t24 < _t41) {
              					_t7 = _t24;
              					_t24 = _t41;
              					_t41 = _t7;
              					_t35 = 1;
              				}
              				_t26 = _t24 - _t41 >> 1;
              				if(_t35 != 0) {
              					_t26 =  ~_t26;
              				}
              				_v40 = _t26;
              				_t37 = 0;
              				_t27 = _t47->bottom;
              				_t42 = _t48->bottom;
              				if(_t27 < _t42) {
              					_t11 = _t27;
              					_t27 = _t42;
              					_t42 = _t11;
              					_t37 = 1;
              				}
              				_t29 = _t27 - _t42 >> 1;
              				if(_t37 != 0) {
              					_t29 =  ~_t29;
              				}
              				_v44 = _t29;
              				GetWindowRect(_a8, _t47);
              				GetWindowRect(_a4, _t48);
              				return MoveWindow(_a4, _v40 + _t47->left, _v44 + _t47->top, _t48->right - _t48->left, _t48->bottom - _t48->top, 1);
              			}

              APIs
              • GetClientRect.USER32 ref: 737F7273
              • GetClientRect.USER32 ref: 737F727C
              • GetWindowRect.USER32 ref: 737F72BD
              • GetWindowRect.USER32 ref: 737F72C6
              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,?), ref: 737F72EA
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Rect$Window$Client$Move
              • String ID:
              • API String ID: 2306913390-0
              • Opcode ID: 5466a5f53e6a19e471acef218df414685dcc448f62439d56c97629f5dafe5c3d
              • Instruction ID: 47f11e8eedb3263dac468cf1c7a49930215a3889d551fa7ea51da5ad481b860f
              • Opcode Fuzzy Hash: 5466a5f53e6a19e471acef218df414685dcc448f62439d56c97629f5dafe5c3d
              • Instruction Fuzzy Hash: 5311903128120AAFCB14CF28CD84DEEBF7AFF85354B049619F556E7640D731E912CAA0
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F6444(RECT* __eax, void* __ebx, void* __edx, RECT* __esi) {
              				RECT* _t29;
              				void* _t45;
              				char _t49;
              				void* _t50;
              				RECT* _t52;
              				RECT* _t53;
              				void* _t55;
              
              				_t52 = __esi;
              				_t50 = __edx;
              				_t45 = __ebx;
              				_t29 = __eax;
              				while(1) {
              					L34:
              					while(1) {
              						 *(_t55 - 4) = _t29;
              						_t49 = _t52->left;
              						if(_t49 == 3 || _t49 == 4 || _t49 == 0x11 || _t49 == 5 || _t49 == 0x14 || _t49 == 0x16 || _t49 == 0x17 || _t49 == 0x10 || _t49 == 0x18) {
              							if( *(_t55 - 4) != 1) {
              								if( *(_t55 - 4) == 0) {
              									LoadStringA( *0x737fd8a2, 0x1c, 0x73811645, 0x400);
              									E737F22C0(0x73811645);
              									E737F22C0(" ");
              								}
              							} else {
              								LoadStringA( *0x737fd8a2, 0x1d, 0x73811245, 0x400);
              								E737F22C0(0x73811245);
              								E737F22C0(" ");
              							}
              						}
              						_t45 = _t45 + 1;
              						_t29 = E737F149B( *0x737fd8a2, _t45);
              						_t53 = _t29;
              						_t52 = _t53;
              						if(_t52 == 0) {
              							break;
              						}
              						if(_t52->left != 3) {
              							if(_t52->left != 4) {
              								if(_t52->left != 0x11) {
              									if(_t52->left != 5) {
              										if(_t52->left != 0x14) {
              											if(_t52->left != 0x16) {
              												if(_t52->left != 0x17) {
              													if(_t52->left != 0x10) {
              														if(_t52->left != 0x15) {
              															if( *_t52 == 0x18) {
              																_t29 = E737F625C(_t52);
              															}
              															continue;
              														}
              														if( *(_t55 - 4) == 1 ||  *(_t55 - 4) == 0) {
              															if((_t52->left & 0x00000004) == 0) {
              																if((_t52->left & 0x00000008) == 0) {
              																	if((_t52->left & 0x00000040) != 0) {
              																		_t29 =  *(_t55 - 4);
              																	}
              																} else {
              																	_t29 = 1;
              																}
              															} else {
              																_t29 = 0;
              															}
              														} else {
              															_t29 =  *(_t55 - 4);
              														}
              														if( *(_t55 - 4) != _t29) {
              															continue;
              														} else {
              															if((_t52->left & 0x00000001) == 0) {
              																if((_t52->left & 0x00000010) == 0) {
              																	if((_t52->left & 0x00000020) != 0) {
              																		_t45 = _t45 - _t52->top - 1;
              																	}
              																} else {
              																	_t45 = _t45 + _t52->top - 1;
              																}
              																goto L34;
              															}
              															E737F22C0("EXIT PATCHING");
              															break;
              														}
              													}
              													LoadStringA( *0x737fd8a2, 7, 0x73810e45, 0x400);
              													E737F22C0(0x73810e45);
              													_t29 = E737F14E6(_t52);
              													continue;
              												}
              												_t29 = E737F5266(_t52);
              											} else {
              												_t29 = E737F4EE6(_t49, _t52);
              											}
              										} else {
              											_t29 = E737F498E(_t52);
              										}
              									} else {
              										_t29 = E737F5516(_t52);
              									}
              								} else {
              									_t29 = E737F5B9C(_t52);
              								}
              							} else {
              								_t29 = E737F4791(_t50, _t52);
              							}
              						} else {
              							_t29 = E737F4338(_t49, _t52);
              						}
              					}
              					LoadStringA( *0x737fd8a2, 1, 0x73811a45, 0x400);
              					E737F22C0(0x73811a45);
              					E737F6577( *0x737fd907);
              					EnableWindow(GetDlgItem( *0x737fd8a6, 0x6c), 0);
              					return RedrawWindow( *0x737fd8a6, 0, 0, 1);
              				}
              			}

              APIs
              • LoadStringA.USER32 ref: 737F64BD
              • LoadStringA.USER32 ref: 737F64F0
              • LoadStringA.USER32 ref: 737F6532
              • GetDlgItem.USER32 ref: 737F6554
              • EnableWindow.USER32(00000000,00000000), ref: 737F655C
              • RedrawWindow.USER32(00000000,00000000,00000001,0000006C,00000001,73811A45,00000400,00000002,0000001C,73811645,00000400,00000001,00000000,73810A45,00000400,00000184), ref: 737F656D
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: LoadString$Window$EnableItemRedraw
              • String ID:
              • API String ID: 3679095025-0
              • Opcode ID: 0d5abffcc98cef1f4b0753a3220dcd71e64c3a8b2c982281455f56b78b10bc2d
              • Instruction ID: 9c645f0a1f78c4acc772737d479602754df64a248dc23915a005e33533c107e2
              • Opcode Fuzzy Hash: 0d5abffcc98cef1f4b0753a3220dcd71e64c3a8b2c982281455f56b78b10bc2d
              • Instruction Fuzzy Hash: 6011B235240A0FBFFE217A508E96FB517B6BB00720F54D112E362273FA42654A63B515
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 85%
              			E737F56F6(CHAR* _a4, CHAR* _a8, intOrPtr _a12) {
              				void* _v8;
              				long _v12;
              				long _t17;
              				long _t19;
              				int _t24;
              				void* _t26;
              				char* _t27;
              				CHAR* _t29;
              
              				_t17 = _a12 + 0x100000;
              				_v12 = _t17;
              				_v8 = VirtualAlloc(0, _t17, 0x1000, 4);
              				_t27 = _a8;
              				_t19 = ExpandEnvironmentStringsA(_a4, _v8, _v12);
              				_t29 = _v8;
              				if(_t19 == 0) {
              					L15:
              					VirtualFree(_v8, _v12, 0x4000);
              					return E737F6C90(_a8);
              				}
              				_t24 = lstrcmpA(_t29, _a4);
              				if(_t24 == 0) {
              					lstrcpyA(_a8, _a4);
              				} else {
              					_t26 = 0;
              					while( *_t29 != 0) {
              						asm("lodsb");
              						if( *_t29 == 0x5b0a) {
              							_t26 = 1;
              						}
              						if(_t24 == 0x5c) {
              							_t26 = _t26;
              							if(_t26 == 0 &&  *_t29 != 0x5c &&  *((char*)(_t29 - 2)) != 0x5c) {
              								asm("stosb");
              							}
              						}
              						asm("stosb");
              						if( *_t29 == 0xd5d) {
              							_t26 = 0;
              						}
              					}
              					 *_t27 = 0;
              				}
              			}

              APIs
              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,00000001,?,?), ref: 737F5714
              • ExpandEnvironmentStringsA.KERNEL32(?,?,?,00000000,?,00001000,00000004,00000001,?,?), ref: 737F5729
              • lstrcmpA.KERNEL32(?,?,?,?,?,00000000,?,00001000,00000004,00000001,?,?), ref: 737F5739
              • lstrcpyA.KERNEL32(?,?,?,?,?,?,?,00000000,?,00001000,00000004,00000001,?,?), ref: 737F577E
              • VirtualFree.KERNEL32(?,?,00004000,?,?,?,00000000,?,00001000,00000004,00000001,?,?), ref: 737F578E
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Virtual$AllocEnvironmentExpandFreeStringslstrcmplstrcpy
              • String ID:
              • API String ID: 1433300790-0
              • Opcode ID: 98a67a8e72961e8acd9c4207334b6e3eaf31fe18363ddb456b7e33c4f54bb585
              • Instruction ID: 6896378e2c2c394b457b43535020349edc14baf7e06eb3123c6c48e3686e25ef
              • Opcode Fuzzy Hash: 98a67a8e72961e8acd9c4207334b6e3eaf31fe18363ddb456b7e33c4f54bb585
              • Instruction Fuzzy Hash: A011B1B5900206FEEF124B54DE41B8D7FB9BF05360F688158E5816B390D67057829B65
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 83%
              			E737FA7A0(void* _a4, char* _a8, char* _a12, CHAR* _a16, intOrPtr _a20) {
              				int _v8;
              				void* _v12;
              				int _v16;
              				struct _OSVERSIONINFOA _v164;
              				long _t20;
              				void* _t24;
              				int _t27;
              
              				if(_a20 != 1) {
              					_t27 = 0xf003f;
              				} else {
              					_v164.dwOSVersionInfoSize = 0x94;
              					GetVersionExA( &_v164);
              					if(_v164.dwMajorVersion < 5 || _v164.dwMinorVersion < 1) {
              						_t27 = 1;
              					} else {
              						_t27 = 0x101;
              					}
              				}
              				_t20 = RegCreateKeyExA(_a4, _a8, 0, 0, 0, _t27, 0,  &_v12,  &_v8);
              				if(_t20 != 0) {
              					return _t20;
              				} else {
              					_v16 = lstrlenA(_a16);
              					_push(RegSetValueExA(_v12, _a12, 0, 1, _a16, _v16));
              					RegCloseKey(_v12);
              					_pop(_t24);
              					return _t24;
              				}
              			}

              APIs
              • GetVersionExA.KERNEL32(00000094), ref: 737FA7C0
              • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 737FA801
              • lstrlenA.KERNEL32(?,?,?,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 737FA80D
              • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,?,?,?,?,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 737FA825
              • RegCloseKey.ADVAPI32(?,00000000,?,?,00000000,00000001,?,?,?,?,?,00000000,00000000,00000000,000F003F,00000000), ref: 737FA82E
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CloseCreateValueVersionlstrlen
              • String ID:
              • API String ID: 721734588-0
              • Opcode ID: 12882734470a7c121fd3b3d9354b65d5a640b25b0c2dc242800cee9784776ab0
              • Instruction ID: 54bb2225f62c51cbab3165357f7cc4c5e5eef454f0923c9d5cfec547e782c338
              • Opcode Fuzzy Hash: 12882734470a7c121fd3b3d9354b65d5a640b25b0c2dc242800cee9784776ab0
              • Instruction Fuzzy Hash: 5E014031A1020DBBEF528F50CD45F9D777AFB00300F104065F605672A1D7B59A96EF21
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 89%
              			E737F2368(intOrPtr _a4) {
              				int _t2;
              
              				asm("pushad");
              				_t2 = IsDlgButtonChecked( *0x737fd8a6, 0x6b);
              				if(_t2 != 1) {
              					L12:
              					asm("popad");
              					return _t2;
              				}
              				if(_a4 != 0) {
              					_t2 = 1;
              					if( *0x737fe95c == 1 &&  *0x737fe95d == 0) {
              						_t2 = 0;
              					}
              					if(_t2 != 1) {
              						goto L4;
              					} else {
              						LoadStringA( *0x737fd8a2, 0xd, 0x73802e3d, 0x400);
              						E737F22C0(0x73802e3d);
              						E737F22C0(0x737fdd11);
              						_t2 = SetFileAttributesA(0x737fdd11,  *0x737fe511);
              						goto L12;
              					}
              				} else {
              					if( *0x737fe52d == 0) {
              						_t2 = CopyFileA(0x737fdd11, 0x737fd911, 0);
              					}
              					L4:
              					if( *0x737fe52d == 0) {
              						_t2 = DeleteFileA(0x737fdd11);
              					}
              					goto L12;
              				}
              			}





              APIs
              • IsDlgButtonChecked.USER32(0000006B), ref: 737F2374
              • CopyFileA.KERNEL32(737FDD11,737FD911,00000000), ref: 737F239E
              • DeleteFileA.KERNEL32(737FDD11,0000006B), ref: 737F23AD
              • LoadStringA.USER32 ref: 737F23E7
              • SetFileAttributesA.KERNEL32(737FDD11,0000000D,73802E3D,00000400,0000006B), ref: 737F2403
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: File$AttributesButtonCheckedCopyDeleteLoadString
              • String ID:
              • API String ID: 1907639918-0
              • Opcode ID: d364f861aa1980fdeb0c9628707b00bc122259bb39d1bdaeca88d2e5bfcaa9ac
              • Instruction ID: 6e263d4bca758d1a2f8e88736d1f1933be2735492dc497413e7a78b75239423f
              • Opcode Fuzzy Hash: d364f861aa1980fdeb0c9628707b00bc122259bb39d1bdaeca88d2e5bfcaa9ac
              • Instruction Fuzzy Hash: 6601F2B650562FBAFB13A2218D45B093B5AFF06330F248002E1416B3D2C3EC45C3A76A
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 64%
              			E737F3D1A() {
              				int _t1;
              				int _t6;
              				int _t7;
              				void* _t8;
              				CHAR* _t9;
              				void* _t10;
              
              				asm("pushad");
              				if( *0x737fd8be != 0) {
              					_t1 = SendMessageA( *0x737fd8be, 0x18b, 0, 0);
              					if(_t1 > 0) {
              						_t6 = _t1;
              						_t9 = VirtualAlloc(0, 0x50000, 0x1000, 4);
              						_push(_t9);
              						_t7 = 0;
              						while(_t7 != _t6) {
              							_push(_t7);
              							SendMessageA( *0x737fd8be, 0x189, _t7, _t9);
              							lstrcatA(_t9, "\r\n");
              							while( *_t9 != 0) {
              								_t9 =  &(_t9[1]);
              							}
              							_pop(_t8);
              							_t7 = _t8 + 1;
              						}
              						_pop(_t10);
              						E737F71E0(_t10);
              						_t1 = VirtualFree(_t10, 0x50000, 0x4000);
              					}
              				}
              				asm("popad");
              				return _t1;
              			}










              APIs
              • SendMessageA.USER32(0000018B,00000000,00000000,737F333B), ref: 737F3D33
              • VirtualAlloc.KERNEL32(00000000,00050000,00001000,00000004,0000018B,00000000,00000000,737F333B), ref: 737F3D4D
              • SendMessageA.USER32(00000189,00000000,00000000,00000000), ref: 737F3D67
              • lstrcatA.KERNEL32(00000000,737FD338,00000189,00000000,00000000,00000000,00000000,00000000,00050000,00001000,00000004,0000018B,00000000,00000000,737F333B), ref: 737F3D72
              • VirtualFree.KERNEL32(737FD338,00050000,00004000,737FD338,00000189,00000000,00000000,00000000,00000000,00000000,00050000,00001000,00000004,0000018B,00000000,00000000), ref: 737F3D97
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: MessageSendVirtual$AllocFreelstrcat
              • String ID:
              • API String ID: 3447240021-0
              • Opcode ID: 8e9b4d23927681a26d562d30e0f1024e5d620eed43a81fdde2684949d8fdb0fc
              • Instruction ID: 31b9757f127804bf31b165840ab8e2192bfaa1925f7e026a81ad8fa118d29755
              • Opcode Fuzzy Hash: 8e9b4d23927681a26d562d30e0f1024e5d620eed43a81fdde2684949d8fdb0fc
              • Instruction Fuzzy Hash: 5BF090723903437EF71722218D8AF3A2638BB81F51F344128F7027F3D496E624836519
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F2AFB(struct HWND__* _a4, int _a8, int _a12) {
              				char _v20;
              				char _v36;
              				struct tagRECT _v52;
              				RECT* _t14;
              				RECT* _t15;
              
              				_t15 =  &_v20;
              				_t14 =  &_v36;
              				GetWindowRect(GetDlgItem(_a4, _a8), _t15);
              				GetWindowRect(GetDlgItem(_a4, _a12), _t14);
              				return IntersectRect( &_v52, _t15, _t14);
              			}









              APIs
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Rect$ItemWindow$Intersect
              • String ID:
              • API String ID: 3468032208-0
              • Opcode ID: 1583048bf30bbd94fd84b6852f8b8492155a7e860697753d1d4a9878ad06f0cf
              • Instruction ID: fd18446c2cb0e744246361773c20b4374c214bb8ff17bc1763246b6ccdadf590
              • Opcode Fuzzy Hash: 1583048bf30bbd94fd84b6852f8b8492155a7e860697753d1d4a9878ad06f0cf
              • Instruction Fuzzy Hash: DBE06D7250031A77CF10ABA5DE49DCF3F3EFE85310B00C614B905B3114E6319612D6A0
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 58%
              			E737F6577(struct HWND__* _a4) {
              				long _t3;
              
              				asm("pushad");
              				_t3 = LoadBitmapA( *0x737fd8a2, "BTN_PATCH_DISABLED");
              				if(_t3 != 0) {
              					_t3 = SendMessageA(GetWindowLongA(_a4, 0xc), 0x172, 0, _t3);
              				}
              				asm("popad");
              				return _t3;
              			}





              APIs
              • LoadBitmapA.USER32 ref: 737F6586
              • GetWindowLongA.USER32 ref: 737F6596
              • SendMessageA.USER32(00000000,00000172,00000000,00000000), ref: 737F65A4
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: BitmapLoadLongMessageSendWindow
              • String ID: BTN_PATCH_DISABLED
              • API String ID: 1801189489-85872909
              • Opcode ID: 6db97b4f9725ac4b04ad59b9d1d003e30aecfa5babe1f66dc242630c07c4a095
              • Instruction ID: 6bfc89cb8b063d6061fef2f7522a02ca03adb812fccf33929e21a6dfc2927cbd
              • Opcode Fuzzy Hash: 6db97b4f9725ac4b04ad59b9d1d003e30aecfa5babe1f66dc242630c07c4a095
              • Instruction Fuzzy Hash: E1D05E623543067BF91126628E85F5A399EF701BA4F00C2207605AB3F6D6E0C8136114
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • MapViewOfFile.KERNEL32(?,00000002,?,?,?,?,?,00000000,00000004,00000000,00000000,00000000,?,?,737FD911,C0000000), ref: 737F46D0
              • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000002,?,?,?,?,?), ref: 737F4728
              • CloseHandle.KERNEL32(?,?,00000002,?,?,?,?,?,00000000,00000004,00000000,00000000,00000000,?,?,737FD911), ref: 737F4778
              • CloseHandle.KERNEL32(?,?,00000000,00000004,00000000,00000000,00000000,?,?,737FD911,C0000000,00000002,00000000,00000003,00000082,00000000), ref: 737F4780
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CloseFileHandleView$Unmap
              • String ID:
              • API String ID: 1018311036-0
              • Opcode ID: bebd379d78e274509ed2ddcb114f777929fc978b1644fa0436d2f855a2926af5
              • Instruction ID: 8712c6c614d16243c877fa873445ed04af37cbeb64994b7020db125fe7a6b7ce
              • Opcode Fuzzy Hash: bebd379d78e274509ed2ddcb114f777929fc978b1644fa0436d2f855a2926af5
              • Instruction Fuzzy Hash: B921F675D00219EFDB12CF94D985FEDBBB6FF40314F24812AE112A3698D730A996DB10
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F2CE7(struct HWND__* _a4, int _a8, int _a12, long _a16) {
              				int _t13;
              				_Unknown_base(*)()* _t14;
              				_Unknown_base(*)()* _t18;
              
              				_t13 = _a8;
              				if(_t13 == 0x102 || _t13 == 0x100 || _t13 == 0x101 || _t13 == 0x115 || _t13 == 0x114 || _t13 == 0x202 || _t13 == 0x205 || _t13 == 0x201 || _t13 == 0x204 || _t13 == 0x114 || _t13 == 0x115 || _t13 == 0xc || _t13 == 0x20a) {
              					_t14 = GetDlgCtrlID(_a4);
              					if(_t14 != 0x6a) {
              						if(_t14 == 0x6f) {
              							_t14 =  *0x737fe533;
              						}
              					} else {
              						_t14 =  *0x737fe52f;
              					}
              					CallWindowProcA(_t14, _a4, _a8, _a12, _a16);
              					return InvalidateRect(GetParent(_a4), 0, 0);
              				} else {
              					_t18 = GetDlgCtrlID(_a4);
              					if(_t18 != 0x6a) {
              						if(_t18 == 0x6f) {
              							_t18 =  *0x737fe533;
              						}
              					} else {
              						_t18 =  *0x737fe52f;
              					}
              					return CallWindowProcA(_t18, _a4, _a8, _a12, _a16);
              				}
              			}







              APIs
              • GetDlgCtrlID.USER32(?), ref: 737F2D52
              • CallWindowProcA.USER32 ref: 737F2D7A
              • GetParent.USER32(?), ref: 737F2D82
              • InvalidateRect.USER32(00000000,00000000,00000000,?,00000000,?,?,?,?,?), ref: 737F2D8C
              • GetDlgCtrlID.USER32(?), ref: 737F2D98
              • CallWindowProcA.USER32 ref: 737F2DC0
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CallCtrlProcWindow$InvalidateParentRect
              • String ID:
              • API String ID: 1256023302-0
              • Opcode ID: 92e0eb220823e09164897edcd090695369394f73b35bcaf8974fbcca0f572be0
              • Instruction ID: 7af066e1eb428e1b5a7eeae0777b8c08fb1980a0a537328b244239fb03569626
              • Opcode Fuzzy Hash: 92e0eb220823e09164897edcd090695369394f73b35bcaf8974fbcca0f572be0
              • Instruction Fuzzy Hash: DE01123810424EAEEF224920C885F9D363BFF44700F288861E517FB3F9CA79D4929716
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 84%
              			E737F6F00(char* _a4, void* _a8, char* _a12, char* _a16, intOrPtr _a20) {
              				void* _v8;
              				int _v12;
              				int _v16;
              				struct _OSVERSIONINFOA _v164;
              				long _t19;
              				void* _t25;
              				int _t28;
              
              				if(_a20 != 1) {
              					_t28 = 1;
              				} else {
              					_v164.dwOSVersionInfoSize = 0x94;
              					GetVersionExA( &_v164);
              					if(_v164.dwMajorVersion < 5 || _v164.dwMinorVersion < 1) {
              						_t28 = 1;
              					} else {
              						_t28 = 0x101;
              					}
              				}
              				_t19 = RegOpenKeyExA(_a8, _a12, 0, _t28,  &_v8);
              				if(_t19 != 0) {
              					return _t19;
              				} else {
              					_v12 = 1;
              					_v16 = 0x400;
              					_push(RegQueryValueExA(_v8, _a16, 0,  &_v12, _a4,  &_v16));
              					RegCloseKey(_v8);
              					_pop(_t25);
              					return _t25;
              				}
              			}











              APIs
              • GetVersionExA.KERNEL32(?), ref: 737F6F20
              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,?), ref: 737F6F57
              • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00000000,00000001,?), ref: 737F6F82
              • RegCloseKey.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,?,00000000,00000001,?), ref: 737F6F8B
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CloseOpenQueryValueVersion
              • String ID:
              • API String ID: 2996790148-0
              • Opcode ID: e1892d3d9792545cd93157d0401ee52856a44f0dfdadaad5d0370727a44a8380
              • Instruction ID: 9f5a9246896374819f3f2abdba091b4bb59f77a432879598d32d30096067fcfa
              • Opcode Fuzzy Hash: e1892d3d9792545cd93157d0401ee52856a44f0dfdadaad5d0370727a44a8380
              • Instruction Fuzzy Hash: D6010C7191420EEFEF118E50CD45FDE77B9FB00304F1080A6F605A62A1D7759A96AF51
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 84%
              			E737F6FA0(char* _a4, void* _a8, char* _a12, char* _a16, intOrPtr _a20) {
              				void* _v8;
              				int _v12;
              				int _v16;
              				struct _OSVERSIONINFOA _v164;
              				long _t19;
              				void* _t25;
              				int _t28;
              
              				if(_a20 != 1) {
              					_t28 = 1;
              				} else {
              					_v164.dwOSVersionInfoSize = 0x94;
              					GetVersionExA( &_v164);
              					if(_v164.dwMajorVersion < 5 || _v164.dwMinorVersion < 1) {
              						_t28 = 1;
              					} else {
              						_t28 = 0x101;
              					}
              				}
              				_t19 = RegOpenKeyExA(_a8, _a12, 0, _t28,  &_v8);
              				if(_t19 != 0) {
              					return _t19;
              				} else {
              					_v12 = 4;
              					_v16 = 4;
              					_push(RegQueryValueExA(_v8, _a16, 0,  &_v12, _a4,  &_v16));
              					RegCloseKey(_v8);
              					_pop(_t25);
              					return _t25;
              				}
              			}











              APIs
              • GetVersionExA.KERNEL32(?), ref: 737F6FC0
              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,?), ref: 737F6FF7
              • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00000000,00000001,?), ref: 737F7022
              • RegCloseKey.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,?,00000000,00000001,?), ref: 737F702B
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CloseOpenQueryValueVersion
              • String ID:
              • API String ID: 2996790148-0
              • Opcode ID: 487ece90361f513cc7b554e11134285546270502a32006d15a53591e74668c87
              • Instruction ID: 4438fb742ae79808484b9aa67b254475e2ff75e2d2dc977d47b5f94a0813fdb2
              • Opcode Fuzzy Hash: 487ece90361f513cc7b554e11134285546270502a32006d15a53591e74668c87
              • Instruction Fuzzy Hash: 43014C7090020EEBEF118F50CD15F9E7BB9FB00344F1080A5F605A72A1D7759A96EF52
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F6D4C(CHAR* _a4, void* _a8, long _a12) {
              				void* _v8;
              				long _v12;
              				void* _t10;
              
              				_t10 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0);
              				if(_t10 != 0xffffffff) {
              					_v8 = _t10;
              					WriteFile(_v8, _a8, _a12,  &_v12, 0);
              					FlushFileBuffers(_v8);
              					CloseHandle(_v8);
              					return _v12;
              				} else {
              					return 0;
              				}
              			}







              APIs
              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 737F6D67
              • WriteFile.KERNEL32(00000400,737FE111,?,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 737F6D89
              • FlushFileBuffers.KERNEL32(00000400,00000400,737FE111,?,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 737F6D91
              • CloseHandle.KERNEL32(00000400,00000400,00000400,737FE111,?,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 737F6D99
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: File$BuffersCloseCreateFlushHandleWrite
              • String ID:
              • API String ID: 4137531733-0
              • Opcode ID: dcaf5e4410800bcd8cafecdb1ba5ccb07b804effd0555680af52f84d583d2cd7
              • Instruction ID: 5903e26bee53ba5c55d90aacc016c5f8b53ea503d74adbd460c0a439bc798961
              • Opcode Fuzzy Hash: dcaf5e4410800bcd8cafecdb1ba5ccb07b804effd0555680af52f84d583d2cd7
              • Instruction Fuzzy Hash: F2F0373164020AFBEF118F60CD46FCD7775BF00714F208250B720B61E0D7719A21AB48
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 68%
              			E737F70B0(CHAR* _a4) {
              				char _v516;
              				int _t4;
              				struct HINSTANCE__* _t5;
              				int _t7;
              				CHAR* _t8;
              				CHAR* _t9;
              				CHAR* _t10;
              
              				asm("pushad");
              				if(_a4 != 0) {
              					_t8 = _a4;
              				} else {
              					_t5 = GetModuleHandleA(0);
              					_t9 =  &_v516;
              					GetModuleFileNameA(_t5, _t9, 0x200);
              					_t7 = lstrlenA(_t9);
              					_push(_t9);
              					_t10 =  &(_t9[_t7]);
              					while( *_t10 != 0x5c) {
              						_t10 = _t10 - 1;
              					}
              					 *_t10 = 0;
              					_pop(_t8);
              				}
              				_t4 = SetCurrentDirectoryA(_t8);
              				asm("popad");
              				return _t4;
              			}











              APIs
              • GetModuleHandleA.KERNEL32(00000000), ref: 737F70C2
              • GetModuleFileNameA.KERNEL32(00000000,?,00000200,00000000), ref: 737F70D4
              • lstrlenA.KERNEL32(?,00000000,?,00000200,00000000), ref: 737F70DA
              • SetCurrentDirectoryA.KERNEL32(00000000), ref: 737F70F4
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: Module$CurrentDirectoryFileHandleNamelstrlen
              • String ID:
              • API String ID: 2912049553-0
              • Opcode ID: 509350362eb3048764b6e3f923ced0e9e2bfac01be0eb516a8b7fc2a6026c487
              • Instruction ID: 0de0de2cf21a5b0b7d4beebf7a354f360677ee9319790e4394b70971a66f6147
              • Opcode Fuzzy Hash: 509350362eb3048764b6e3f923ced0e9e2bfac01be0eb516a8b7fc2a6026c487
              • Instruction Fuzzy Hash: B0E02B318043ABABF71356644D48FCB7AD97F06390F248054F6442F381D6B4914387E9
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E737F633F(long __ecx, void* __edx, RECT* __esi) {
              				RECT* _t29;
              				void* _t45;
              				long _t49;
              				void* _t50;
              				RECT* _t52;
              				RECT* _t53;
              				void* _t55;
              
              				_t52 = __esi;
              				_t50 = __edx;
              				_t49 = __ecx;
              				while(1) {
              					_t53 = _t52;
              					if(_t53 == 0) {
              						break;
              					}
              					if(_t53->left != 3) {
              						if(_t53->left != 4) {
              							if(_t53->left != 0x11) {
              								if(_t53->left != 5) {
              									if(_t53->left != 0x14) {
              										if(_t53->left != 0x16) {
              											if(_t53->left != 0x17) {
              												if(_t53->left != 0x10) {
              													if(_t53->left != 0x15) {
              														if(_t53->left == 0x18) {
              															_t29 = E737F625C(_t53);
              														}
              														goto L37;
              													}
              													if( *(_t55 - 4) == 1 ||  *(_t55 - 4) == 0) {
              														if((_t53->left & 0x00000004) == 0) {
              															if((_t53->left & 0x00000008) == 0) {
              																if((_t53->left & 0x00000040) != 0) {
              																	_t29 =  *(_t55 - 4);
              																}
              															} else {
              																_t29 = 1;
              															}
              														} else {
              															_t29 = 0;
              														}
              													} else {
              														_t29 =  *(_t55 - 4);
              													}
              													if( *(_t55 - 4) != _t29) {
              														goto L37;
              													} else {
              														if((_t53->left & 0x00000001) == 0) {
              															if((_t53->left & 0x00000010) == 0) {
              																if((_t53->left & 0x00000020) != 0) {
              																	_t45 = _t45 - _t53->top - 1;
              																}
              															} else {
              																_t45 = _t45 + _t53->top - 1;
              															}
              															goto L37;
              														}
              														E737F22C0("EXIT PATCHING");
              														break;
              													}
              												}
              												LoadStringA( *0x737fd8a2, 7, 0x73810e45, 0x400);
              												E737F22C0(0x73810e45);
              												_t29 = E737F14E6(_t53);
              												goto L37;
              											}
              											_t29 = E737F5266(_t53);
              										} else {
              											_t29 = E737F4EE6(_t49, _t53);
              										}
              									} else {
              										_t29 = E737F498E(_t53);
              									}
              								} else {
              									_t29 = E737F5516(_t53);
              								}
              							} else {
              								_t29 = E737F5B9C(_t53);
              							}
              						} else {
              							_t29 = E737F4791(_t50, _t53);
              						}
              						goto L37;
              					} else {
              						_t29 = E737F4338(_t49, _t53);
              						L37:
              						 *(_t55 - 4) = _t29;
              						_t49 = _t53->left;
              						if(_t49 == 3 || _t49 == 4 || _t49 == 0x11 || _t49 == 5 || _t49 == 0x14 || _t49 == 0x16 || _t49 == 0x17 || _t49 == 0x10 || _t49 == 0x18) {
              							if( *(_t55 - 4) != 1) {
              								if( *(_t55 - 4) == 0) {
              									LoadStringA( *0x737fd8a2, 0x1c, 0x73811645, 0x400);
              									E737F22C0(0x73811645);
              									E737F22C0(" ");
              								}
              							} else {
              								LoadStringA( *0x737fd8a2, 0x1d, 0x73811245, 0x400);
              								E737F22C0(0x73811245);
              								E737F22C0(" ");
              							}
              						}
              						_t45 = _t45 + 1;
              						_t29 = E737F149B( *0x737fd8a2, _t45);
              						_t52 = _t29;
              						continue;
              					}
              				}
              				LoadStringA( *0x737fd8a2, 1, 0x73811a45, 0x400);
              				E737F22C0(0x73811a45);
              				E737F6577( *0x737fd907);
              				EnableWindow(GetDlgItem( *0x737fd8a6, 0x6c), 0);
              				return RedrawWindow( *0x737fd8a6, 0, 0, 1);
              			}











              APIs
              • LoadStringA.USER32 ref: 737F64BD
              • LoadStringA.USER32 ref: 737F6532
              • GetDlgItem.USER32 ref: 737F6554
              • EnableWindow.USER32(00000000,00000000), ref: 737F655C
              • RedrawWindow.USER32(00000000,00000000,00000001,0000006C,00000001,73811A45,00000400,00000002,0000001C,73811645,00000400,00000001,00000000,73810A45,00000400,00000184), ref: 737F656D
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: LoadStringWindow$EnableItemRedraw
              • String ID:
              • API String ID: 3001624229-0
              • Opcode ID: ca6881ec69312ac4d9cb561a374eedd0e9c8e40a3c2ff3303e5432d3ae19193c
              • Instruction ID: 30b408ef67e8b1530daecbb6bb9d93653a9d008127f6397b9c9b456a45750147
              • Opcode Fuzzy Hash: ca6881ec69312ac4d9cb561a374eedd0e9c8e40a3c2ff3303e5432d3ae19193c
              • Instruction Fuzzy Hash: 4EE04F737813077AF932B7659ECBF482B56F700B24F20C121B7807B6FD46A615236544
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 79%
              			E737F2A7D() {
              				signed char _v5;
              				void* _t7;
              
              				asm("pushad");
              				_v5 = 0;
              				_t7 = E737F1460( *0x737fd8a2, 8, 1);
              				if(_t7 != 0) {
              					_t14 = _t7;
              					GetTempPathA(0x400, 0x737fe111);
              					lstrcatA(0x737fe111, "\\bassmod.dll");
              					_t3 = _t14 + 5; // 0x5
              					E737F6D4C(0x737fe111, _t3,  *((intOrPtr*)(_t7 + 1)));
              					_v5 = 1;
              				}
              				asm("popad");
              				return _v5 & 0x000000ff;
              			}






              APIs
              • GetTempPathA.KERNEL32(00000400,737FE111), ref: 737F2AA7
              • lstrcatA.KERNEL32(737FE111,\bassmod.dll,00000400,737FE111), ref: 737F2AB6
                • Part of subcall function 737F6D4C: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 737F6D67
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.473184220.00000000737F1000.00000080.00020000.sdmp, Offset: 737F0000, based on PE: true
              • Associated: 00000001.00000002.473165779.00000000737F0000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473223816.00000000737FB000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.473247494.00000000737FD000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.473269288.0000000073813000.00000080.00020000.sdmp
              • Associated: 00000001.00000002.473293294.0000000073816000.00000002.00020000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_737f0000_Sketchup+Pro+2016+Patch+x86.jbxd
              Similarity
              • API ID: CreateFilePathTemplstrcat
              • String ID: \bassmod.dll
              • API String ID: 3703170275-1657146168
              • Opcode ID: d8335eaab5ee6c41d3c2809e13c6207c394a424fc3e4c56e25b667de87fb1102
              • Instruction ID: 005d37648dfe4c6795ee99e1fd38e33b18e7580e6f49700eb98a66c469e06837
              • Opcode Fuzzy Hash: d8335eaab5ee6c41d3c2809e13c6207c394a424fc3e4c56e25b667de87fb1102
              • Instruction Fuzzy Hash: FDF0EC3034874B3EFB11A3614C45F5DF6987B00318F1042A0B9A1BB3C2DAD5A5074761
              Uniqueness

              Uniqueness Score: -1.00%