Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Unlocker1.9.2.exe

Overview

General Information

Sample Name:Unlocker1.9.2.exe
Analysis ID:494046
MD5:1e02d6aa4a199448719113ae3926afb2
SHA1:f1eff6451ced129c0e5c0a510955f234a01158a0
SHA256:fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397
Infos:

Most interesting Screenshot:

Detection

Score:42
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Sample is not signed and drops a device driver
Contains functionality to register a low level keyboard hook
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Creates an undocumented autostart registry key
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Stores files to the Windows start menu directory
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
AV process strings found (often used to terminate AV products)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Creates driver files
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Contains functionality to query network adapater information
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • Unlocker1.9.2.exe (PID: 7036 cmdline: 'C:\Users\user\Desktop\Unlocker1.9.2.exe' MD5: 1E02D6AA4A199448719113AE3926AFB2)
    • DeltaTB.exe (PID: 6416 cmdline: 'C:\Users\user\AppData\Local\Temp\DeltaTB.exe' /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt MD5: EB2764885565B6C01CB32E5F51F213B3)
      • Setup.exe (PID: 1836 cmdline: 'C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe' -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt MD5: 26F6D1B6756A83DE9755A05F7C030D75)
        • rundll32.exe (PID: 6464 cmdline: 'C:\Windows\SysWOW64\rundll32.exe' C:\Users\user\AppData\Local\Temp\F27BA7~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • setup.exe (PID: 5404 cmdline: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\Setup.exe -latest -trkInfo=[TType:5012_7] -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt MD5: 5790A04F78C61C3CAEA7DDD6F01829D2)
    • regsvr32.exe (PID: 2212 cmdline: 'C:\Windows\system32\regsvr32.exe' /s 'C:\Program Files\Unlocker\UnlockerCOM.dll' MD5: 426E7499F6A7346F0410DEAD0805586B)
      • regsvr32.exe (PID: 5456 cmdline: /s 'C:\Program Files\Unlocker\UnlockerCOM.dll' MD5: D78B75FC68247E8A63ACBA846182740E)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: Unlocker1.9.2.exeMetadefender: Detection: 14%Perma Link
Source: Unlocker1.9.2.exeReversingLabs: Detection: 47%
Antivirus / Scanner detection for submitted sampleShow sources
Source: Unlocker1.9.2.exeAvira: detected
Multi AV Scanner detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeMetadefender: Detection: 26%Perma Link
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeReversingLabs: Detection: 44%
Source: Unlocker1.9.2.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeWindow detected: < &BackI &AgreeCancelNullsoft Install System v2.46 Nullsoft Install System v2.46License AgreementPlease review the license terms before installing Unlocker 1.9.2.Press Page Down to see the rest of the agreement.A. Unlocker End User License AgreementB. Delta Toolbar End User License AgreementA. Unlocker End User License AgreementThis software is provided "as is" without any guarantee made as to its suitability or fitness for any particular use. It may contain bugs so use of this tool is at your own risk. We take no responsibility for any damage that may unintentionally be caused through its use.You may not distribute Unlocker in any form without express written permission of Cedrick Collomb (ccollomb@emptyloop.com)B. Delta Toolbar End User License AgreementYou have the option of installing the Delta Toolbar. By Installing the Delta Toolbar you agree to Delta End-User Licence Agreement and Delta Privacy Statement. You can easily remove this application at any time.o Delta End-User Licence Agreement: http://info.delta-search.com/uninstall/eula.htmlo Delta Privacy Statement http://info.delta-search.com/uninstall/privacy.htmlIf you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Unlocker 1.9.2.
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\README.TXTJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\Unlocker.exeJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerInject32.exeJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\README.TXTJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerCOM.dllJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\Unlocker.urlJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\uninst.exeJump to behavior
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdb source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.dr
Source: Binary string: C:\projects\meitar-branch\SP_Meitar\Release_Win32\ReportUrlDll.pdb source: setup.exe, 00000008.00000002.699385840.0000000000932000.00000002.00020000.sdmp, setup.exe.6.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdb source: Unlocker.exe.1.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdbp source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, IEHelper.dll.5.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdbN source: Unlocker1.9.2.exe
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\BExternal.pdb source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.697726420.0000000000921000.00000004.00000001.sdmp, BExternal.dll.6.dr
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdbp;V source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdb source: DeltaTB.exe, 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp, Unlocker1.9.2.exe
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdb source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, IEHelper.dll.5.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdbH source: Unlocker.exe.1.dr
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00405302
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00405CD8 FindFirstFileA,FindClose,1_2_00405CD8
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_0040263E FindFirstFileA,1_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 5_2_001E121F _wcscpy,_wcscpy,_wcscat,FindFirstFileW,5_2_001E121F
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0049F0E0 FindFirstFileW,FindClose,6_2_0049F0E0
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://Kernel32.dllSetDllDirectoryW
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://babylon.com
Source: Setup.exe, 00000006.00000002.704732561.000000000087A000.00000004.00000020.sdmpString found in binary or memory: http://babylon.com/
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://babylon.com/?hp%d:%d;dsp%d:%d;hpu%d:%s;dspu%d:%s;COO_gcSCOO_scSBTRSCOO_suaopenopenieffcrBUSol
Source: Setup.exe, 00000006.00000002.704732561.000000000087A000.00000004.00000020.sdmpString found in binary or memory: http://babylon.com/H9w
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpString found in binary or memory: http://babylon.comC
Source: rundll32.exe, 00000007.00000002.695847908.0000000002770000.00000004.00000020.sdmpString found in binary or memory: http://babylon.comC:
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://bis.babylon.com/
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpString found in binary or memory: http://bis.babylon.com/_
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://bts.babylon.com/index.php
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://clientac.babsrv.com/?f=3&n=10&q=%s&l=%d&t=%d&p=babylon&b=1&callback=acp_new
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://clientac.babsrv.com/?f=3&n=10&q=%s&l=%d&t=%d&p=babylon&b=1&callback=acp_newz
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://clients.babylon.com/eval/kms6.cgi
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://clients.babylon.com/pro/kms6.cgi
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://clientui.babylon.com/
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exeString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exeString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exeString found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpString found in binary or memory: http://dl.babylon.com/
Source: Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpString found in binary or memory: http://dl.babylon.com/85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibpr
Source: Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpString found in binary or memory: http://dl.babylon.com/d=33ee00e8000000000000ecfT
Source: Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.690504686.0000000002DF7000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://dl.babylon.com/site/files/Setup9/dwr/DefaultClient/DefaultClient/Default-clientdat.zpb;http:/
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://dl.babylon.com/site/files/Setup9/dwr/DefaultClient/DefaultClient/Default-tbdat.zpb;http://dl.
Source: Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpString found in binary or memory: http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb
Source: downloader[1].htm.6.drString found in binary or memory: http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;
Source: Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpString found in binary or memory: http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;.zpb;
Source: Setup.exe, 00000006.00000002.704871026.00000000008B8000.00000004.00000020.sdmpString found in binary or memory: http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpbtion
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://info.babylon.com/campaigns/
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpString found in binary or memory: http://info.babylon.com/campaigns/r
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://info.babylon.com/setup/downloader.php
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://info.babylon.com/stat/client_ga.php?name=$
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://info.babylon.com/welcome/
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpString found in binary or memory: http://info.babylon.com/welcome/j
Source: Unlocker1.9.2.exe, 00000001.00000003.675160600.0000000003A90000.00000004.00000001.sdmp, Unlocker1.9.2.exe, 00000001.00000002.733638627.000000000019A000.00000004.00000001.sdmp, Delta.ini.1.drString found in binary or memory: http://info.delta-search.com/uninstall/eula.html
Source: Unlocker1.9.2.exe, 00000001.00000002.733638627.000000000019A000.00000004.00000001.sdmpString found in binary or memory: http://info.delta-search.com/uninstall/privacy.html
Source: Unlocker1.9.2.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Unlocker1.9.2.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exeString found in binary or memory: http://ocsp.thawte.com0
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://search.babylon.com
Source: Setup.exe, 00000006.00000002.703264851.000000000017D000.00000004.00000001.sdmpString found in binary or memory: http://stat.info-strea
Source: Setup.exe, 00000006.00000003.700787207.0000000002DE7000.00000004.00000001.sdmpString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&s
Source: Setup.exe, 00000006.00000003.700787207.0000000002DE7000.00000004.00000001.sdmpString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=111&ver=9.1.1.10&af
Source: Setup.exe, 00000006.00000002.704871026.00000000008B8000.00000004.00000020.sdmp, Setup.exe, 00000006.00000003.700608560.0000000002DFB000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.700787207.0000000002DE7000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmp, log_file.txt.6.drString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&aff
Source: Setup.exe, 00000006.00000002.704871026.00000000008B8000.00000004.00000020.sdmp, log_file.txt.6.drString found in binary or memory: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&af
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://stp.babylon.com/downloader.php?&lang=&zpb=1&second=1&geo=1about:blank:about:blankbfrNvgt:
Source: Setup.exe, 00000006.00000003.696486794.000000000091E000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.704871026.00000000008B8000.00000004.00000020.sdmpString found in binary or memory: http://stp.babylon.com/downloader.php?ver=9.1.1.10&affilID=122471&guid=
Source: Setup.exeString found in binary or memory: http://stpui.babylon.com/
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://stpui.babylon.com/setup_cms_url?name=&param=&lang=%d&ver=%d&bld=%d&&ver=
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://tc.babylon.com/Ginger/correct
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://tcm.babylon.com/UM_Consumer/UMOpeartions
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://transurl.babylon.com
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exeString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exeString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: Unlocker1.9.2.exe, 00000001.00000003.711085041.0000000002880000.00000004.00000001.sdmp, README.TXT.1.drString found in binary or memory: http://unlocker.emptyloop.com
Source: Unlocker.exe.1.dr, Unlocker.url.1.drString found in binary or memory: http://unlocker.emptyloop.com/
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/)
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/????
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Accesso
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Acest
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Aquest
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Ce
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Denegado
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Denne
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Detta
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Dit
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Esta
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Este
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/GET
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Juurdep
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Ky
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Mesej
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Odm
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Ova
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/P
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Pesan
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Poruka
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Pr
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Questo
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/See
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/T
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Ta
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/Tato
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/This
Source: Unlocker.exe.1.drString found in binary or memory: http://unlocker.emptyloop.com/To
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://utils.babylon.com/country/
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/lingoz-redirect
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpString found in binary or memory: http://www.babylon.com/lingoz-redirect~
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/client.cgi?
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmpString found in binary or memory: http://www.babylon.com/redirects/client.cgi?r
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/download.cgi?
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmpString found in binary or memory: http://www.babylon.com/redirects/download.cgi?zD
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/purchase.cgi?
Source: Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?
Source: Setup.exeString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?no_policy=1&type=%s&lang=%d
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?no_policy=1&type=%s&lang=%d9.1.1.10HPTBDSPukieffcrver=&&m
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=babylon6_full_text
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=babylon6_full_textP
Source: Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=getting_started&lang=$
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=machinetrans
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=machinetranssoX
Source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.690504686.0000000002DF7000.00000004.00000001.sdmp, Babylon.dat.5.drString found in binary or memory: http://www.babylon.com/redirects/redir.cgi?type=post_install_page&lang=$
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://www.my-online-search.com&babsrc=SP_ofln&mntrId=&dlb=%d&babsrc=SP_def&NT_HP_TB_SP_My
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_def&/?q=
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471
Source: Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=1224711
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=1224718v
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471dat
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471html
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471tml
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588?
Source: Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://www.my-online-search.com/?q=
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drString found in binary or memory: http://www.my-online-search.comhttp://www.my-online-search.com/?babsrc=HP_ofln&mntrId=&dlb=%dhome&?/
Source: Setup.exe, 00000006.00000002.705870081.0000000003560000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: Setup.exe, 00000006.00000002.705870081.0000000003560000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Setup.exe, 00000006.00000002.705870081.0000000003560000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: unknownDNS traffic detected: queries for: stat.info-stream.net
Source: global trafficHTTP traffic detected: GET /report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0 HTTP/1.1User-Agent: BabylonHost: stat.info-stream.netCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /downloader.php?ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&lang=en&zpb=1&geo=1 HTTP/1.1User-Agent: BabylonHost: stp.babylon.comConnection: Keep-AliveCookie: affilID=122471
Source: global trafficHTTP traffic detected: GET /site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb HTTP/1.1User-Agent: BabylonHost: dl.babylon.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&rvrt=0&excd=0&stm=2&nvs=0&dnld=100&dcnt=1&dtot=1&dlerr=200&dltm=0&dlsz=3844&dsflr=0&errurl=Setup2.zpb&hpc=1998245871&spc=1998245871&tbx=0 HTTP/1.1User-Agent: BabylonHost: stat.info-stream.netCache-Control: no-cache

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Contains functionality to register a low level keyboard hookShow sources
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_004C8C80 SetWindowsHookExW 00000002,004C8BE0,00000000,000000006_2_004C8C80
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00404EB9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00404EB9
Source: Unlocker1.9.2.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_004030CB EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,1_2_004030CB
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_004046CA1_2_004046CA
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00405FA81_2_00405FA8
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 5_2_001E31F35_2_001E31F3
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_004500156_2_00450015
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0045832D6_2_0045832D
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_004997406_2_00499740
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: String function: 004CC5C0 appears 36 times
Source: Unlocker1.9.2.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Unlocker.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uninst.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UnlockerCOM.dll.1.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: UnlockerCOM.dll.1.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeSection loaded: reslib.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeSection loaded: reslib.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeSection loaded: reslib.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to behavior
Source: sqlite3.dll.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Source: sqlite3.dll.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Source: DeltaTB.exe.1.drStatic PE information: Section: .rsrc ZLIB complexity 0.999654869478
Source: Unlocker1.9.2.exeMetadefender: Detection: 14%
Source: Unlocker1.9.2.exeReversingLabs: Detection: 47%
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile read: C:\Users\user\Desktop\Unlocker1.9.2.exeJump to behavior
Source: Unlocker1.9.2.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Unlocker1.9.2.exe 'C:\Users\user\Desktop\Unlocker1.9.2.exe'
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Users\user\AppData\Local\Temp\DeltaTB.exe 'C:\Users\user\AppData\Local\Temp\DeltaTB.exe' /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeProcess created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe 'C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe' -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\rundll32.exe' C:\Users\user\AppData\Local\Temp\F27BA7~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\setup.exe C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\Setup.exe -latest -trkInfo=[TType:5012_7] -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe 'C:\Windows\system32\regsvr32.exe' /s 'C:\Program Files\Unlocker\UnlockerCOM.dll'
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s 'C:\Program Files\Unlocker\UnlockerCOM.dll'
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Users\user\AppData\Local\Temp\DeltaTB.exe 'C:\Users\user\AppData\Local\Temp\DeltaTB.exe' /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mntJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe 'C:\Windows\system32\regsvr32.exe' /s 'C:\Program Files\Unlocker\UnlockerCOM.dll'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeProcess created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe 'C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe' -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mntJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\setup.exe C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\Setup.exe -latest -trkInfo=[TType:5012_7] -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mntJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s 'C:\Program Files\Unlocker\UnlockerCOM.dll'Jump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsoF2A6.tmpJump to behavior
Source: Unlocker.exe.1.drBinary string: %s\Unlocker-Log.txt\Device\LanmanRedirector%S%S\LanmanRedirector\%S\??\LanmanRedirector%c:\\.\%c:"0:\%s\\\\?\%s\Unlocker.cfgIsWow64Processopenhttp://unlocker.emptyloop.com/GET /unlocker/version.txt HTTP/1.0
Source: UnlockerDriver5.sys.1.drBinary string: C2C\DosDevices\UnlockerDriver5\Device\UnlockerDriver5
Source: classification engineClassification label: mal42.spyw.winEXE@12/55@3/2
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00402020 CoCreateInstance,MultiByteToWideChar,1_2_00402020
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_004041CD GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_004041CD
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: CREATE TABLE %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);name='%q'
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');sqlite_sequence
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.706080065.0000000060901000.00000020.00020000.sdmp, sqlite3.dll.5.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;U
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0049D9C0 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,Process32NextW,FindCloseChangeNotification,6_2_0049D9C0
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\rundll32.exe' C:\Users\user\AppData\Local\Temp\F27BA7~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 5_2_001E1B44 LoadResource,SizeofResource,LockResource,5_2_001E1B44
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile written: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\Delta.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: OK
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Next >
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Next >
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Next >
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Next >
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAutomated click: Install
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeWindow detected: < &BackI &AgreeCancelNullsoft Install System v2.46 Nullsoft Install System v2.46License AgreementPlease review the license terms before installing Unlocker 1.9.2.Press Page Down to see the rest of the agreement.A. Unlocker End User License AgreementB. Delta Toolbar End User License AgreementA. Unlocker End User License AgreementThis software is provided "as is" without any guarantee made as to its suitability or fitness for any particular use. It may contain bugs so use of this tool is at your own risk. We take no responsibility for any damage that may unintentionally be caused through its use.You may not distribute Unlocker in any form without express written permission of Cedrick Collomb (ccollomb@emptyloop.com)B. Delta Toolbar End User License AgreementYou have the option of installing the Delta Toolbar. By Installing the Delta Toolbar you agree to Delta End-User Licence Agreement and Delta Privacy Statement. You can easily remove this application at any time.o Delta End-User Licence Agreement: http://info.delta-search.com/uninstall/eula.htmlo Delta Privacy Statement http://info.delta-search.com/uninstall/privacy.htmlIf you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Unlocker 1.9.2.
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnlockerJump to behavior
Source: Unlocker1.9.2.exeStatic file information: File size 1078591 > 1048576
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\Unlocker.exeJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerInject32.exeJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\README.TXTJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\UnlockerCOM.dllJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\Unlocker.urlJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDirectory created: C:\Program Files\Unlocker\uninst.exeJump to behavior
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdb source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.dr
Source: Binary string: C:\projects\meitar-branch\SP_Meitar\Release_Win32\ReportUrlDll.pdb source: setup.exe, 00000008.00000002.699385840.0000000000932000.00000002.00020000.sdmp, setup.exe.6.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdb source: Unlocker.exe.1.dr
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdbp source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, IEHelper.dll.5.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdbN source: Unlocker1.9.2.exe
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\BExternal.pdb source: DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.697726420.0000000000921000.00000004.00000001.sdmp, BExternal.dll.6.dr
Source: Binary string: D:\Projects\Setup_9.1.1\Release_Win32\Setup32.pdbp;V source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.dr
Source: Binary string: D:\Projects\Babylon\Setup1_Win32\Setup_Stub.pdb source: DeltaTB.exe, 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp, Unlocker1.9.2.exe
Source: Binary string: D:\Projects\Setup_9.1.0\Release_Win32\IEHelper.pdb source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, IEHelper.dll.5.dr
Source: Binary string: c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdbH source: Unlocker.exe.1.dr
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_004568A5 push ecx; ret 6_2_004568B8
Source: BExternal.dll.5.drStatic PE information: section name: .SHARDAT
Source: sqlite3.dll.5.drStatic PE information: section name: .stab
Source: sqlite3.dll.5.drStatic PE information: section name: .stabstr
Source: BExternal.dll.6.drStatic PE information: section name: .SHARDAT
Source: sqlite3.dll.6.drStatic PE information: section name: .stab
Source: sqlite3.dll.6.drStatic PE information: section name: .stabstr
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00405CFF GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405CFF
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe 'C:\Windows\system32\regsvr32.exe' /s 'C:\Program Files\Unlocker\UnlockerCOM.dll'

Persistence and Installation Behavior:

barindex
Sample is not signed and drops a device driverShow sources
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerCOM.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\setup.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\DeltaTB.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\uninst.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\sqlite3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\BExternal.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\IEHelper.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\UnlockerInject32.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\BExternal.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\IEHelper.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\Unlocker.exeJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\LangDLL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Program Files\Unlocker\README.TXTJump to behavior

Boot Survival:

barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)Show sources
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeWindow found: window name: ProgmanJump to behavior
Creates an undocumented autostart registry key Show sources
Source: C:\Windows\System32\regsvr32.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\UnlockerShellExtension NULLJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockerJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnkJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UnlockerDriver5Jump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0049D9C0 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,Process32NextW,FindCloseChangeNotification,6_2_0049D9C0
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_6-27592
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_6-27579
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\uninst.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\BExternal.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\UnlockerDriver5.sysJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\UnlockerInject32.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\BExternal.dllJump to dropped file
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeDropped PE file which has not been started: C:\Program Files\Unlocker\Unlocker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: _memset,GetVolumeInformationW,_memset,GetAdaptersInfo,_memset,StringFromGUID2,6_2_004F4BC0
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00405302
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00405CD8 FindFirstFileA,FindClose,1_2_00405CD8
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_0040263E FindFirstFileA,1_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 5_2_001E121F _wcscpy,_wcscpy,_wcscat,FindFirstFileW,5_2_001E121F
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0049F0E0 FindFirstFileW,FindClose,6_2_0049F0E0
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeAPI call chain: ExitProcess graph end nodegraph_1-3152
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile Volume queried: C:\Program Files FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeFile Volume queried: C:\Program Files FullSizeInformationJump to behavior
Source: Setup.exe, 00000006.00000002.704871026.00000000008B8000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 5_2_001E3BC5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_001E3BC5
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0049D9C0 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,Process32NextW,FindCloseChangeNotification,6_2_0049D9C0
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_00405CFF GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405CFF
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0044F1DA IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,6_2_0044F1DA
Source: C:\Users\user\AppData\Local\Temp\DeltaTB.exeCode function: 5_2_001E3BC5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_001E3BC5
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0045567D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_0045567D
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_0044F6C8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_0044F6C8
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\setup.exeCode function: 8_2_0093150D SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0093150D
Source: Setup.exeBinary or memory string: Progman
Source: DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drBinary or memory string: buyprc://%s,%d,%dCP_LINK<a id='%s' href='buyprc://%s,%d,%d'>%s</a> rbBF::RL%dwbBF::WL%dBLS_BLSBLS_~BLSBLS_CNLBLS_AL 0x%p 0x%p 0x%pBLS_AIN 0x%pBLS_GAPBLS_BLS_HFTPBLS_BLS_HTSPBLS_BLS_HUTPBLS_GTCLBLS_GCP3_1BLS_GCP3_2BLS_GPLNUBLS_BLS_HFTPBL_SCUIZ 0x%p 0x%pBLS_GCP4BLS::HCT%dBLS_GCP1 %d %d %d %dBLS::SSD%dBLS::GSD%dBLS::CC%dBLS_GCP2BLS_SCPBLS_GDICBLS_GVICBLS_GVOICBLS_GVVCBLS_DGP %d %d %d 0x%pBLS_GP1BLS_GP2 %d %d %dBLS_FNUFBLS_GP3BLS_GFT 0x%p 0x%pBLS::RC%dBLS::RAL%dBLS_RLBHBLS_GFCBLS_GFNTSBLS_GSTSBLS_GFPBLS_GNPBLS_GFLBLS_GNLBLS_GLBHBLS_GLBCBLS_ICRC 0x%p 0x%pBLS_ICRC1 0x%pBLS::IBL%dBLS::BL%dBLS::UBL%dBLS::DBL%dBLS::GLAI%dTRIALCORPUNLICENSED_CORPCEPROOTHERBLS::GPLL%dBLS::GCSD%dBLS::GCED%dBLS::GMED%dBLS::GCTL%dBLS::GCML%dBLS::GLI%dBLS::IT%dBLS::IR%dBLS::PL%dBLS::APL%dBLS::AVL%dIDIDRandRNDMinVersionVLicNameLNUserNameUNFeatureTypeFTFeatureIDFIDStartDateSLicenseMonthsLMLicenseDaysLDMaintMonthesMMMaintDaysMDFeatureNameFNMaintEndMEMaxPushMPUpgradeUPProductVersionPVURIURIBCL_GCTCBCL_IFSBCL_ITL%dBCL_HFBCL_GMTBCL_CFIDBCL_CPIDBCL_CVIDBCL_CFBCL_IFBCL_IUBCL_IVOKBCL::GFNTS%dBCL::GSTSIP%d%d %s%dBCL::GPD%dBCL::GPPV%dBCL::GPUV%d%dBCL::GPFV%dBCL::GFP%d%dBCL::GNP%dBL_GFTHBCL_GFLDBCL_GFMDBCL::GFD%dBCL_GCI2BCL_GCIBCL_GCFIBCL_GCFI1BCL_GFTT %s (%d)BCL_GFITBCL_GCINBCL_GINBCL_GFINBCL::GLT%dBCL::IC%dBCL_GSTSBCL_APBCL_FUSBL_ILEX 0x%pBCL_ILEBCL_IEBCL_GP %dBCL::MUU%dBCL_IBUP::ILPOK%dP::IMPOK%dP::IVOK%dP::IPE%dP::RID%dP::WID%dP_WIDP::WS%dP_SSDP_STCDP_MMSP::HAS%dP::MVS%dP_MS1P::IB%dP_APP_CTLP_MSP_CLPP_CMPP_CLPP_OP%0d%0a%%%02xUnEscURL url=%hs&lt;&gt;&amp;&quot;&apos;XML_EscA()&lt;&gt;&amp;&quot;&apos;XML_EscW()&lt;&gt;&amp;&quot;&apos;XML_EscA()&lt;&gt;&amp;&quot;&apos;XML_EscW()&lt;&gt;&amp;&quot;&apos;&lt;&gt;&amp;&quot;&apos;&; &amp;&; &amp;rBTM_gftCPRWL::Dest()CPRWL::Enter cat=%dCPRWL::Leave()PTSM::PTSM n_states=%dPTSM::~PTSM()PTSM::Wait st=%dPTSM::Set st=%d\VarFileInfo\Translation\StringFileInfo\%04x%04x\%sProgmanAdvApi32CreateProcessWithTokenWDllGetVersionComctl32.dllShell32.dllwut_enWinFG()wut_FFGWN/Awut_guliUser32.dllChangeWindowMessageFilterProgmanAdvApi32CreateProcessAsUserWopenECWP()User32.dllIsProcessDPIAwareroot\SecurityCenter2root\SecurityCenterSELECT * FROM AntivirusProductWQLdisplayName;Software\Microsoft\Windows\CurrentVersion\App Paths\PathIsWow64Processkernel32Software\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUArundll32.exeschtasks.exeGetProductInfokernel32.dllwut_sa2bwut_GWPBR(%d, %d)]:[_&?/%#+-%%%02X&?/%#+-%??%!Bad_URI!!!!!!Bad_URI!!Bad_URI!!Bad_URI!!!!!!!!!BABAuto%s%s%d%s%dBABCrossBABCrossBABCrossBABCrossBAB!Corrections!BAB!Convert!BAB!Messages!BAB!Analytics!,ERROR (%d)ERROR (%d)ERRORCPML::Dtor()CPML::Enter()CPML::Leave()EnglishArabicChinese(S)Chinese(T)DutchFinnishFrenchGermanGreekHebrewHungarianItalianJapaneseKoreanNorwegianPolishPortugueseRussianSpanishSwedishTurkishRomanianDanishHindiCzechIndonesianThaienEnglishengfrFrenchfraitItalianitaesSpanishspanlDutchdutptPortuguesepordeGermangerruRussianrusjaJapanesejpnzhtChinese (T)chtzhsChinese (S)chielGre
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: GetLocaleInfoW,6_2_00502490
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\setup.exeCode function: 8_2_009315EB cpuid 8_2_009315EB
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeCode function: 6_2_00452455 GetSystemTimeAsFileTime,__aulldiv,6_2_00452455
Source: C:\Users\user\Desktop\Unlocker1.9.2.exeCode function: 1_2_004059FF GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,1_2_004059FF
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: Start Unlocker.lnk.1.drBinary or memory string: C:\Program Files\Unlocker\Unlocker.exe
Source: Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Start Unlocker.lnk.1.drBinary or memory string: C:\Program Files\Unlocker\Unlocker.exe>..\..\..\..\..\..\..\..\..\Program Files\Unlocker\Unlocker.exe
Source: Start Unlocker.lnk.1.drBinary or memory string: Unlocker.exe

Stealing of Sensitive Information:

barindex
Tries to harvest and steal browser information (history, passwords, etc)Show sources
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management Instrumentation1DLL Side-Loading1DLL Side-Loading1Deobfuscate/Decode Files or Information1OS Credential Dumping1System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsNative API2Windows Service21Windows Service21Obfuscated Files or Information2Input Capture11File and Directory Discovery3Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Registry Run Keys / Startup Folder11Process Injection2Software Packing1Security Account ManagerSystem Information Discovery35SMB/Windows Admin SharesInput Capture11Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Registry Run Keys / Startup Folder11DLL Side-Loading1NTDSQuery Registry1Distributed Component Object ModelClipboard Data1Scheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading3LSA SecretsSecurity Software Discovery251SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonProcess Injection2Cached Domain CredentialsProcess Discovery3VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsRegsvr321DCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobRundll321Proc FilesystemSystem Network Configuration Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 494046 Sample: Unlocker1.9.2.exe Startdate: 30/09/2021 Architecture: WINDOWS Score: 42 59 Antivirus / Scanner detection for submitted sample 2->59 61 Multi AV Scanner detection for submitted file 2->61 8 Unlocker1.9.2.exe 11 49 2->8         started        process3 file4 37 C:\Users\user\AppData\Local\...\DeltaTB.exe, PE32 8->37 dropped 39 C:\Program Files\...\UnlockerDriver5.sys, PE32+ 8->39 dropped 41 C:\Users\user\AppData\Local\...\System.dll, PE32 8->41 dropped 43 6 other files (none is malicious) 8->43 dropped 71 Sample is not signed and drops a device driver 8->71 12 DeltaTB.exe 17 8->12         started        16 regsvr32.exe 8->16         started        signatures5 process6 file7 45 C:\Users\user\AppData\Local\...\Setup.exe, PE32 12->45 dropped 47 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 12->47 dropped 49 C:\Users\user\AppData\Local\...\IEHelper.dll, PE32 12->49 dropped 51 C:\Users\user\AppData\Local\...\BExternal.dll, PE32 12->51 dropped 73 Multi AV Scanner detection for dropped file 12->73 18 Setup.exe 1 88 12->18         started        23 regsvr32.exe 7 16->23         started        signatures8 process9 dnsIp10 53 stat.babylon-services.com 184.154.27.232, 49754, 49755, 49757 SINGLEHOP-LLCUS United States 18->53 55 dl.babylon-services.com 198.143.175.67, 49756, 80 SINGLEHOP-LLCUS United States 18->55 57 4 other IPs or domains 18->57 29 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 18->29 dropped 31 C:\Users\user\AppData\Local\...\setup.exe, PE32 18->31 dropped 33 C:\Users\user\AppData\Local\...\IEHelper.dll, PE32 18->33 dropped 35 C:\Users\user\AppData\Local\...\BExternal.dll, PE32 18->35 dropped 63 Contains functionality to register a low level keyboard hook 18->63 65 Tries to harvest and steal browser information (history, passwords, etc) 18->65 67 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 18->67 25 rundll32.exe 1 6 18->25         started        27 setup.exe 18->27         started        69 Creates an undocumented autostart registry key 23->69 file11 signatures12 process13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Unlocker1.9.2.exe15%MetadefenderBrowse
Unlocker1.9.2.exe48%ReversingLabs
Unlocker1.9.2.exe100%AviraAPPL/Toolbar.Babylon.10785

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files\Unlocker\Unlocker.exe0%MetadefenderBrowse
C:\Program Files\Unlocker\Unlocker.exe2%ReversingLabs
C:\Program Files\Unlocker\UnlockerCOM.dll0%MetadefenderBrowse
C:\Program Files\Unlocker\UnlockerCOM.dll0%ReversingLabs
C:\Program Files\Unlocker\UnlockerDriver5.sys0%MetadefenderBrowse
C:\Program Files\Unlocker\UnlockerDriver5.sys0%ReversingLabs
C:\Program Files\Unlocker\UnlockerInject32.exe0%MetadefenderBrowse
C:\Program Files\Unlocker\UnlockerInject32.exe0%ReversingLabs
C:\Program Files\Unlocker\uninst.exe0%MetadefenderBrowse
C:\Program Files\Unlocker\uninst.exe2%ReversingLabs
C:\Users\user\AppData\Local\Temp\DeltaTB.exe26%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\DeltaTB.exe45%ReversingLabsWin32.PUA.Babylon
C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\BExternal.dll2%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\BExternal.dll3%ReversingLabsWin32.PUA.Babylon
C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\IEHelper.dll7%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\IEHelper.dll3%ReversingLabsWin32.PUA.Babylon
C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\BExternal.dll2%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\BExternal.dll3%ReversingLabsWin32.PUA.Babylon

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.00%Avira URL Cloudsafe
http://stat.info-strea0%Avira URL Cloudsafe
http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471dat0%Avira URL Cloudsafe
http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588?0%Avira URL Cloudsafe
http://Kernel32.dllSetDllDirectoryW0%Avira URL Cloudsafe
http://www.my-online-search.com0%Avira URL Cloudsafe
http://stat.info-stream.net/report.php?no_policy=1&lang=0&s0%Avira URL Cloudsafe
http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=12247110%Avira URL Cloudsafe
http://clientac.babsrv.com/?f=3&n=10&q=%s&l=%d&t=%d&p=babylon&b=1&callback=acp_newz0%Avira URL Cloudsafe
http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&aff0%Avira URL Cloudsafe
http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471html0%Avira URL Cloudsafe
http://www.my-online-search.com&babsrc=SP_ofln&mntrId=&dlb=%d&babsrc=SP_def&NT_HP_TB_SP_My0%Avira URL Cloudsafe
http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=1224710%Avira URL Cloudsafe
http://babylon.comC0%Avira URL Cloudsafe
http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471tml0%Avira URL Cloudsafe
http://www.my-online-search.com/?q=0%Avira URL Cloudsafe
http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&rvrt=0&excd=0&stm=2&nvs=0&dnld=100&dcnt=1&dtot=1&dlerr=200&dltm=0&dlsz=3844&dsflr=0&errurl=Setup2.zpb&hpc=1998245871&spc=1998245871&tbx=00%Avira URL Cloudsafe
http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=111&ver=9.1.1.10&af0%Avira URL Cloudsafe
http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=1224718v0%Avira URL Cloudsafe
http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&af0%Avira URL Cloudsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://www.my-online-search.comhttp://www.my-online-search.com/?babsrc=HP_ofln&mntrId=&dlb=%dhome&?/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
dl.babylon-services.com
198.143.175.67
truefalse
    		unknown
    stp.babylon-services.com
    		184.154.27.232
    		truefalse
      		unknown
      stat.babylon-services.com
      		184.154.27.232
      		truefalse
        		unknown
        stp.babylon.com
        		unknown
        		unknownfalse
          		high
          dl.babylon.com
          		unknown
          		unknownfalse
            		high
            stat.info-stream.net
            		unknown
            		unknownfalse
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0true
              • Avira URL Cloud: safe
              		unknown
              http://stp.babylon.com/downloader.php?ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&lang=en&zpb=1&geo=1false
                		high
                http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&rvrt=0&excd=0&stm=2&nvs=0&dnld=100&dcnt=1&dtot=1&dlerr=200&dltm=0&dlsz=3844&dsflr=0&errurl=Setup2.zpb&hpc=1998245871&spc=1998245871&tbx=0true
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://info.babylon.com/setup/downloader.phpSetup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                  		high
                  http://stat.info-streaSetup.exe, 00000006.00000002.703264851.000000000017D000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://search.babylon.comDeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                    		high
                    http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471datSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://dl.babylon.com/Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpfalse
                      		high
                      http://unlocker.emptyloop.com/PrUnlocker.exe.1.drfalse
                        		high
                        http://babylon.com/?hp%d:%d;dsp%d:%d;hpu%d:%s;dspu%d:%s;COO_gcSCOO_scSBTRSCOO_suaopenopenieffcrBUSolDeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drfalse
                          		high
                          http://unlocker.emptyloop.com/DitUnlocker.exe.1.drfalse
                            		high
                            http://unlocker.emptyloop.com/OvaUnlocker.exe.1.drfalse
                              		high
                              http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588?Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://unlocker.emptyloop.com/GETUnlocker.exe.1.drfalse
                                		high
                                http://unlocker.emptyloop.com/PorukaUnlocker.exe.1.drfalse
                                  		high
                                  http://Kernel32.dllSetDllDirectoryWDeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://unlocker.emptyloop.com/AccessoUnlocker.exe.1.drfalse
                                    		high
                                    http://www.babylon.com/redirects/download.cgi?Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                      		high
                                      http://dl.babylon.com/d=33ee00e8000000000000ecfTSetup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpfalse
                                        		high
                                        http://dl.babylon.com/site/files/Setup9/dwr/DefaultClient/DefaultClient/Default-tbdat.zpb;http://dl.DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                          		high
                                          http://www.my-online-search.comSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://stat.info-stream.net/report.php?no_policy=1&lang=0&sSetup.exe, 00000006.00000003.700787207.0000000002DE7000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://unlocker.emptyloop.com/TUnlocker.exe.1.drfalse
                                            		high
                                            http://stpui.babylon.com/setup_cms_url?name=&param=&lang=%d&ver=%d&bld=%d&&ver=DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drfalse
                                              		high
                                              http://unlocker.emptyloop.com/PUnlocker.exe.1.drfalse
                                                		high
                                                http://www.babylon.com/redirects/redir.cgi?type=machinetranssoXSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://www.babylon.com/redirects/redir.cgi?type=machinetransDeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                    		high
                                                    http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=1224711Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://clientac.babsrv.com/?f=3&n=10&q=%s&l=%d&t=%d&p=babylon&b=1&callback=acp_newzSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://unlocker.emptyloop.com/JuurdepUnlocker.exe.1.drfalse
                                                      		high
                                                      http://unlocker.emptyloop.com/PesanUnlocker.exe.1.drfalse
                                                        		high
                                                        http://info.babylon.com/campaigns/DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                          		high
                                                          http://bis.babylon.com/_Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://info.babylon.com/welcome/jSetup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://nsis.sf.net/NSIS_ErrorErrorUnlocker1.9.2.exefalse
                                                                		high
                                                                http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;downloader[1].htm.6.drfalse
                                                                  		high
                                                                  http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affSetup.exe, 00000006.00000002.704871026.00000000008B8000.00000004.00000020.sdmp, Setup.exe, 00000006.00000003.700608560.0000000002DFB000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.700787207.0000000002DE7000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmp, log_file.txt.6.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.babylon.com/redirects/download.cgi?zDSetup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471htmlSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://dl.babylon.com/85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprSetup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpfalse
                                                                      		high
                                                                      http://www.my-online-search.com&babsrc=SP_ofln&mntrId=&dlb=%d&babsrc=SP_def&NT_HP_TB_SP_MyDeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drfalse
                                                                      • Avira URL Cloud: safe
                                                                      		low
                                                                      http://www.babylon.com/redirects/purchase.cgi?Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                        		high
                                                                        http://nsis.sf.net/NSIS_ErrorUnlocker1.9.2.exefalse
                                                                          		high
                                                                          http://bts.babylon.com/index.phpSetup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                            		high
                                                                            http://stpui.babylon.com/Setup.exefalse
                                                                              		high
                                                                              http://tc.babylon.com/Ginger/correctDeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                		high
                                                                                http://unlocker.emptyloop.com/CeUnlocker.exe.1.drfalse
                                                                                  		high
                                                                                  http://www.babylon.com/redirects/redir.cgi?no_policy=1&type=%s&lang=%d9.1.1.10HPTBDSPukieffcrver=&&mDeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drfalse
                                                                                    		high
                                                                                    http://info.babylon.com/stat/client_ga.php?name=$DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                      		high
                                                                                      http://www.babylon.com/lingoz-redirect~Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://babylon.comCSetup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://unlocker.emptyloop.com/MesejUnlocker.exe.1.drfalse
                                                                                          		high
                                                                                          http://www.babylon.com/redirects/redir.cgi?Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                            		high
                                                                                            http://utils.babylon.com/country/DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                              		high
                                                                                              http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=122471tmlSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://unlocker.emptyloop.com/TaUnlocker.exe.1.drfalse
                                                                                                		high
                                                                                                http://www.babylon.com/redirects/client.cgi?Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                  		high
                                                                                                  http://www.my-online-search.com/?q=Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://babylon.com/Setup.exe, 00000006.00000002.704732561.000000000087A000.00000004.00000020.sdmpfalse
                                                                                                    		high
                                                                                                    http://unlocker.emptyloop.com/KyUnlocker.exe.1.drfalse
                                                                                                      		high
                                                                                                      http://clients.babylon.com/pro/kms6.cgiSetup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                        		high
                                                                                                        http://unlocker.emptyloop.comUnlocker1.9.2.exe, 00000001.00000003.711085041.0000000002880000.00000004.00000001.sdmp, README.TXT.1.drfalse
                                                                                                          		high
                                                                                                          http://info.babylon.com/welcome/DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                            		high
                                                                                                            http://unlocker.emptyloop.com/ToUnlocker.exe.1.drfalse
                                                                                                              		high
                                                                                                              http://babylon.comDeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                		high
                                                                                                                http://unlocker.emptyloop.com/EsteUnlocker.exe.1.drfalse
                                                                                                                  		high
                                                                                                                  http://unlocker.emptyloop.com/TatoUnlocker.exe.1.drfalse
                                                                                                                    		high
                                                                                                                    http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-end&stage=111&ver=9.1.1.10&afSetup.exe, 00000006.00000003.700787207.0000000002DE7000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://unlocker.emptyloop.com/????Unlocker.exe.1.drfalse
                                                                                                                      		high
                                                                                                                      http://unlocker.emptyloop.com/EstaUnlocker.exe.1.drfalse
                                                                                                                        		high
                                                                                                                        http://cs-g2-crl.thawte.com/ThawteCSG2.crl0DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exefalse
                                                                                                                          		high
                                                                                                                          http://info.babylon.com/campaigns/rSetup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exefalse
                                                                                                                              		high
                                                                                                                              http://unlocker.emptyloop.com/ThisUnlocker.exe.1.drfalse
                                                                                                                                		high
                                                                                                                                http://unlocker.emptyloop.com/AcestUnlocker.exe.1.drfalse
                                                                                                                                  		high
                                                                                                                                  http://unlocker.emptyloop.com/QuestoUnlocker.exe.1.drfalse
                                                                                                                                    		high
                                                                                                                                    http://unlocker.emptyloop.com/DenegadoUnlocker.exe.1.drfalse
                                                                                                                                      		high
                                                                                                                                      http://www.babylon.com/redirects/redir.cgi?type=getting_started&lang=$Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                                        		high
                                                                                                                                        http://unlocker.emptyloop.com/DenneUnlocker.exe.1.drfalse
                                                                                                                                          		high
                                                                                                                                          http://www.my-online-search.com/?babsrc=HP_ofln&mntrId=33EEECF4BBEA1588&dlb=0&affID=1224718vSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          http://info.delta-search.com/uninstall/eula.htmlUnlocker1.9.2.exe, 00000001.00000003.675160600.0000000003A90000.00000004.00000001.sdmp, Unlocker1.9.2.exe, 00000001.00000002.733638627.000000000019A000.00000004.00000001.sdmp, Delta.ini.1.drfalse
                                                                                                                                            		high
                                                                                                                                            http://www.babylon.com/redirects/client.cgi?rSetup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://unlocker.emptyloop.com/OdmUnlocker.exe.1.drfalse
                                                                                                                                                		high
                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoSetup.exe, 00000006.00000002.705870081.0000000003560000.00000004.00000001.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&afSetup.exe, 00000006.00000002.704871026.00000000008B8000.00000004.00000020.sdmp, log_file.txt.6.drfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  http://stp.babylon.com/downloader.php?&lang=&zpb=1&second=1&geo=1about:blank:about:blankbfrNvgt:DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drfalse
                                                                                                                                                    		high
                                                                                                                                                    http://www.babylon.com/redirects/redir.cgi?type=post_install_page&lang=$DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.690504686.0000000002DF7000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                                                      		high
                                                                                                                                                      http://www.babylon.com/redirects/redir.cgi?type=babylon6_full_textDeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                                                        		high
                                                                                                                                                        http://ocsp.thawte.com0DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Unlocker1.9.2.exefalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        		unknown
                                                                                                                                                        http://www.my-online-search.comhttp://www.my-online-search.com/?babsrc=HP_ofln&mntrId=&dlb=%dhome&?/DeltaTB.exe, 00000005.00000003.706373110.0000000002A31000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp, Setup.exe.5.drfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchSetup.exe, 00000006.00000002.705870081.0000000003560000.00000004.00000001.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;.zpb;Setup.exe, 00000006.00000002.705043532.00000000008ED000.00000004.00000020.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://tcm.babylon.com/UM_Consumer/UMOpeartionsSetup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                                                              		high
                                                                                                                                                              http://bis.babylon.com/DeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                                                                		high
                                                                                                                                                                http://unlocker.emptyloop.com/)Unlocker.exe.1.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://dl.babylon.com/site/files/Setup9/dwr/DefaultClient/DefaultClient/Default-clientdat.zpb;http:/Setup.exe, 00000006.00000003.700897152.0000000002DEA000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.690504686.0000000002DF7000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://www.babylon.com/redirects/redir.cgi?type=babylon6_full_textPSetup.exe, 00000006.00000003.701714628.0000000002E97000.00000004.00000001.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://unlocker.emptyloop.com/SeeUnlocker.exe.1.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://www.babylon.com/lingoz-redirectDeltaTB.exe, 00000005.00000003.706343803.0000000002A10000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.691505563.0000000002DFD000.00000004.00000001.sdmp, Setup.exe, 00000006.00000002.705848870.0000000003360000.00000004.00000001.sdmp, Babylon.dat.5.drfalse
                                                                                                                                                                          		high

                                                                                                                                                                          Contacted IPs

                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                          Public

                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                          184.154.27.232
                                                                                                                                                                          		stp.babylon-services.comUnited States
                                                                                                                                                                          		32475SINGLEHOP-LLCUSfalse
                                                                                                                                                                          198.143.175.67
                                                                                                                                                                          		dl.babylon-services.comUnited States
                                                                                                                                                                          		32475SINGLEHOP-LLCUSfalse

                                                                                                                                                                          General Information

                                                                                                                                                                          Joe Sandbox Version:33.0.0 White Diamond
                                                                                                                                                                          Analysis ID:494046
                                                                                                                                                                          Start date:30.09.2021
                                                                                                                                                                          Start time:09:15:46
                                                                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                                                                          Overall analysis duration:0h 8m 12s
                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                          Report type:full
                                                                                                                                                                          Sample file name:Unlocker1.9.2.exe
                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                          Number of analysed new started processes analysed:21
                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                          Technologies:
                                                                                                                                                                          • HCA enabled
                                                                                                                                                                          • EGA enabled
                                                                                                                                                                          • HDC enabled
                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                          Detection:MAL
                                                                                                                                                                          Classification:mal42.spyw.winEXE@12/55@3/2
                                                                                                                                                                          EGA Information:
                                                                                                                                                                          • Successful, ratio: 80%
                                                                                                                                                                          HDC Information:
                                                                                                                                                                          • Successful, ratio: 29.7% (good quality ratio 28.6%)
                                                                                                                                                                          • Quality average: 79.5%
                                                                                                                                                                          • Quality standard deviation: 24%
                                                                                                                                                                          HCA Information:Failed
                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                          • Adjust boot time
                                                                                                                                                                          • Enable AMSI
                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                          • Stop behavior analysis, all processes terminated
                                                                                                                                                                          Warnings:
                                                                                                                                                                          Show All
                                                                                                                                                                          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.50.102.62, 20.54.110.249, 40.112.88.60, 80.67.82.235, 80.67.82.211
                                                                                                                                                                          • Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/494046/sample/Unlocker1.9.2.exe

                                                                                                                                                                          Simulations

                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                          No simulations

                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                          IPs

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                          184.154.27.232http://stat.info-stream.net/report.phpGet hashmaliciousBrowse
                                                                                                                                                                          • stat.info-stream.net/favicon.ico
                                                                                                                                                                          198.143.175.67DeltaTB.exeGet hashmaliciousBrowse
                                                                                                                                                                          • dl.babylon.com/site/files/Setup9/dwr/DSeachLink/DSearchLink.zpb

                                                                                                                                                                          Domains

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                          stat.babylon-services.comDeltaTB.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 184.154.27.232
                                                                                                                                                                          http://stat.info-stream.net/report.phpGet hashmaliciousBrowse
                                                                                                                                                                          • 184.154.27.232
                                                                                                                                                                          dl.babylon-services.comDeltaTB.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 198.143.175.67
                                                                                                                                                                          stp.babylon-services.comDeltaTB.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 184.154.27.232
                                                                                                                                                                          cf9f3c05-00c9-4008-846e-7d9a88232305.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 184.154.27.232

                                                                                                                                                                          ASN

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                          SINGLEHOP-LLCUSDeltaTB.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 198.143.175.67
                                                                                                                                                                          armGet hashmaliciousBrowse
                                                                                                                                                                          • 181.224.143.199
                                                                                                                                                                          sora.arm7Get hashmaliciousBrowse
                                                                                                                                                                          • 65.60.30.13
                                                                                                                                                                          0HXxUcP5S4Get hashmaliciousBrowse
                                                                                                                                                                          • 198.20.85.242
                                                                                                                                                                          LAKmNB72J8Get hashmaliciousBrowse
                                                                                                                                                                          • 107.6.134.203
                                                                                                                                                                          U6lZQUtrU5Get hashmaliciousBrowse
                                                                                                                                                                          • 99.198.96.203
                                                                                                                                                                          shinto.x86Get hashmaliciousBrowse
                                                                                                                                                                          • 65.63.147.53
                                                                                                                                                                          GVlpP9RL5tGet hashmaliciousBrowse
                                                                                                                                                                          • 96.127.141.195
                                                                                                                                                                          test.dllGet hashmaliciousBrowse
                                                                                                                                                                          • 107.6.164.82
                                                                                                                                                                          specification-806170894.xlsGet hashmaliciousBrowse
                                                                                                                                                                          • 172.96.186.148
                                                                                                                                                                          specification-806170894.xlsGet hashmaliciousBrowse
                                                                                                                                                                          • 172.96.186.148
                                                                                                                                                                          8PNWNtxdR5Get hashmaliciousBrowse
                                                                                                                                                                          • 65.62.12.142
                                                                                                                                                                          yVCmb25cxQGet hashmaliciousBrowse
                                                                                                                                                                          • 181.224.143.167
                                                                                                                                                                          sora.x86Get hashmaliciousBrowse
                                                                                                                                                                          • 65.62.1.113
                                                                                                                                                                          COSCO SHIPPING AGENCY.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 65.60.11.250
                                                                                                                                                                          M2021-D-074.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 107.6.155.186
                                                                                                                                                                          re2.arm7Get hashmaliciousBrowse
                                                                                                                                                                          • 108.163.249.5
                                                                                                                                                                          i586Get hashmaliciousBrowse
                                                                                                                                                                          • 65.62.12.142
                                                                                                                                                                          Order 45789011.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 198.20.95.106
                                                                                                                                                                          loligang.armGet hashmaliciousBrowse
                                                                                                                                                                          • 69.175.98.255
                                                                                                                                                                          SINGLEHOP-LLCUSDeltaTB.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 198.143.175.67
                                                                                                                                                                          armGet hashmaliciousBrowse
                                                                                                                                                                          • 181.224.143.199
                                                                                                                                                                          sora.arm7Get hashmaliciousBrowse
                                                                                                                                                                          • 65.60.30.13
                                                                                                                                                                          0HXxUcP5S4Get hashmaliciousBrowse
                                                                                                                                                                          • 198.20.85.242
                                                                                                                                                                          LAKmNB72J8Get hashmaliciousBrowse
                                                                                                                                                                          • 107.6.134.203
                                                                                                                                                                          U6lZQUtrU5Get hashmaliciousBrowse
                                                                                                                                                                          • 99.198.96.203
                                                                                                                                                                          shinto.x86Get hashmaliciousBrowse
                                                                                                                                                                          • 65.63.147.53
                                                                                                                                                                          GVlpP9RL5tGet hashmaliciousBrowse
                                                                                                                                                                          • 96.127.141.195
                                                                                                                                                                          test.dllGet hashmaliciousBrowse
                                                                                                                                                                          • 107.6.164.82
                                                                                                                                                                          specification-806170894.xlsGet hashmaliciousBrowse
                                                                                                                                                                          • 172.96.186.148
                                                                                                                                                                          specification-806170894.xlsGet hashmaliciousBrowse
                                                                                                                                                                          • 172.96.186.148
                                                                                                                                                                          8PNWNtxdR5Get hashmaliciousBrowse
                                                                                                                                                                          • 65.62.12.142
                                                                                                                                                                          yVCmb25cxQGet hashmaliciousBrowse
                                                                                                                                                                          • 181.224.143.167
                                                                                                                                                                          sora.x86Get hashmaliciousBrowse
                                                                                                                                                                          • 65.62.1.113
                                                                                                                                                                          COSCO SHIPPING AGENCY.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 65.60.11.250
                                                                                                                                                                          M2021-D-074.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 107.6.155.186
                                                                                                                                                                          re2.arm7Get hashmaliciousBrowse
                                                                                                                                                                          • 108.163.249.5
                                                                                                                                                                          i586Get hashmaliciousBrowse
                                                                                                                                                                          • 65.62.12.142
                                                                                                                                                                          Order 45789011.exeGet hashmaliciousBrowse
                                                                                                                                                                          • 198.20.95.106
                                                                                                                                                                          loligang.armGet hashmaliciousBrowse
                                                                                                                                                                          • 69.175.98.255

                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                          No context

                                                                                                                                                                          Dropped Files

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\BExternal.dllDeltaTB.exeGet hashmaliciousBrowse
                                                                                                                                                                            cf9f3c05-00c9-4008-846e-7d9a88232305.exeGet hashmaliciousBrowse

                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                              C:\Program Files\Unlocker\README.TXT
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1689
                                                                                                                                                                              Entropy (8bit):4.70951895283198
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:bQOdZha0FcSV1TRyr005QmiLB3pmNv+kFEwRywEuwChXthNl8krzcLd2ULt:Dxe41TkzH0mNBjAn3qZ2krzSDLt
                                                                                                                                                                              MD5:F3B322AADB14E1B2BA9BF38972DC216C
                                                                                                                                                                              SHA1:4564F088EC683F8A89894B8158A79D358693BBA8
                                                                                                                                                                              SHA-256:B604FA4D14829D2D5B55F94D9B7298417ACD0949E4F4C1483A4411BC4968AFAC
                                                                                                                                                                              SHA-512:9A8E5D36328A796FED7D07E82E45F001EC5891B01B54B47D20D90B6A982D1B8240F9EAB3EDDE7F5D271B3667F54D0AAEF4B21C9D1E50B265E70B3E65EE37573C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview: Unlocker for Windows 2000, XP, 2003, Vista and 7 both 32 and 64 bits...Copyright (C) 2005-2011 Cedrick Collomb / Empty Loop..unlocker.emptyloop.com....Using Unlocker..--------------....How often have you tried to delete or rename a file or folder and got.."Cannot delete xxx: It is being used by another person or program." ?....Unlocker is a tool which will help you overcoming this scandalous Windows..bug.....Simply right click the file or folder and select Unlocker. If the file..or folder is locked then a window will appear with a list of processes..locking the file or folder. Select the locks and click Unlock and you ..are done.....It is recommended to Unlock wisely and to close open processes locking..files or folder if any, but if only Explorer.exe is the culprit, do not..hesitate! :D....Terms of Use..------------....This software is provided "as is", without any guarantee made..as to its suitability or fitness for any particular use. It may..contain bugs, so use of this tool is at
                                                                                                                                                                              C:\Program Files\Unlocker\Unlocker.exe
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):124928
                                                                                                                                                                              Entropy (8bit):6.117157328512671
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:QjL8UYqusRZHN+R6iJBf232Qxl1D5ljFerDUF7TGMvB+xpgGfGlbPMcpEkAEAG+L://sRZt+R6+232QLADzMvYonfgQ/Y39
                                                                                                                                                                              MD5:0A77F732624155A215F5CA54DF9B2930
                                                                                                                                                                              SHA1:172BDF71343DD6544CFBE04ABBC3DEC4535F7D84
                                                                                                                                                                              SHA-256:A0B651038C4301F70E4AEA506EB90EDC584A5C4CA46880C7DC2AE5EAFA6DC506
                                                                                                                                                                              SHA-512:6482C9FC3B5FF9D5798DEB9965B4DFAB9BA62B889E921011696F29DD96B813194A59F76A52A88FA4962317C6A43A21122C857E4CA80C6C4360C2CEE544117352
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........q..."..."...".E."..."..."..."..."..."..."..."..."..."Rich..."........PE..d..."..P..........#..........|.................@.....................................................................................................p.......P.......................................................................................................text............................... ..`.data....d..........................@....pdata.......P......................@..@.CRT....(....`......................@..@.rsrc........p......................@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Program Files\Unlocker\Unlocker.url
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<http://unlocker.emptyloop.com/>), ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):56
                                                                                                                                                                              Entropy (8bit):4.431719878492293
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:HRAbABGQYm/2oWtV6JnRyn:HRYFVm/Xo6yn
                                                                                                                                                                              MD5:2043E152CBAA21E30B53B6D6C50CD780
                                                                                                                                                                              SHA1:544AA2ADF641B1D7330DB20D268308BD9F680917
                                                                                                                                                                              SHA-256:2253C9CEB715D173ABAE90D4836A6A506E6049FEF0FC98D1649AB57ED94707AC
                                                                                                                                                                              SHA-512:865249F3979BF76C26E1455AEFC3E4B92D0B8259398D068066D3F3B9EF945EE0A78BB7616638092C120337F348A063A22A16857CC86B7450FFE55FDF5638189A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: [InternetShortcut]..URL=http://unlocker.emptyloop.com/..
                                                                                                                                                                              C:\Program Files\Unlocker\UnlockerCOM.dll
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):20032
                                                                                                                                                                              Entropy (8bit):6.120916226027237
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:b0cviyVcgoH1a3FveCAmbtQ/o8DhQLMwdYJLygbPbCQW1M6jjDAa:b03nTHsFv+/oih5FLfbCPMmjl
                                                                                                                                                                              MD5:5FE324D6C1DC481136742AB5FB8F6672
                                                                                                                                                                              SHA1:02F2D4476006CECD771DE3CBE247E432950AE916
                                                                                                                                                                              SHA-256:0A66B19BB38385A8879633DCE1272B8ACF1B4B264C88E254345EC249335B41B1
                                                                                                                                                                              SHA-512:FAA76477503923D1C14A12F00D7D416E5FBB485560EA02ED1E6EF6337F9AD88BC612AF241EA61C8F9003253CCF5F66B2C7CE4A508BB2ADC761C4F36AC345195D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*../n.~|n.~|n.~|.F.|l.~|.F.|a.~|n..|C.~|I..|o.~|I..|o.~|I..|o.~|I..|o.~|Richn.~|........................PE..d......K.........." ..... ...........".......................................p......................................................@........(.......P..|....@.......4..@....`..(....................................................................................text............ .................. ..`.data...0....0.......$..............@....pdata.......@.......&..............@..@.rsrc...|....P.......(..............@..@.reloc..P....`.......2..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Program Files\Unlocker\UnlockerDriver5.sys
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):12352
                                                                                                                                                                              Entropy (8bit):6.464105601913163
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:dqD9l0Hvj1+z7PcFVyowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl50Xe:60HvozjeVYJLygbPbCQW1M6jYXe
                                                                                                                                                                              MD5:9DC07E73A4ABB9ACF692113B36A5009F
                                                                                                                                                                              SHA1:0C45B0FA0718E5ABA0F21F14178597A1ED3FC208
                                                                                                                                                                              SHA-256:CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34
                                                                                                                                                                              SHA-512:7BB2F07DF990689933B344D2E3061A5E1324ABA011E703130379ED24B253BDD464C9D26B8EFE2D86523F241236FF1B7EDB02919801850BB749849215B1FABF57
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S....................w......q....0;.....0;.....Rich...................PE..d.....K.........."..................0.........@....................................W........................................................A..(....p.......`..........@............................................................@..p............................text...D........................... ..`PAGE......... ...................... ..`INIT....+....0...................... ..`.rdata..R....@......................@..@.data........P......................@....pdata.......`......................@..@.rsrc........p......................@..@........................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Program Files\Unlocker\UnlockerInject32.exe
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11840
                                                                                                                                                                              Entropy (8bit):6.714063708551743
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:kpjAiTRs0TjebH947yowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl5w:kWIsUgHqYJLygbPbCQW1M6jk
                                                                                                                                                                              MD5:5B964DBCC99EDEE45A6F235417713A93
                                                                                                                                                                              SHA1:E65BB79A470A509A50B4C275C10BC10892AB11CA
                                                                                                                                                                              SHA-256:3B1AFEA2711E5D731A60B41E87F4711FE1DB3345FA316BE20347376068479DD5
                                                                                                                                                                              SHA-512:60DD41E0434FCC7D6D57A02D69CD47C2B74C9C18316F59AEE88DA087C22C3E8408AA94AB9738EDC1B229DB8F83E620354394AE3847E216C2BCE33DC0D3E62743
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.R...<...<...<.2.G...<...=...<.2.R...<.2.@...<.2.D...<.Rich..<.........................PE..L.../..K............................Q........ ....@..........................@..............................................t...d....0..................@...............................................................\............................text............................... ..`.data........ ......................@....rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Program Files\Unlocker\uninst.exe
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):98302
                                                                                                                                                                              Entropy (8bit):6.9288137123184175
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:LLXB65939tY6HBg4sXJH3VRRYia6S+0hyc1tb/ny+ti8wgdK8gM6srLnV+:LLk395hYXJy+Hetb/nsZh8gMJn4
                                                                                                                                                                              MD5:CBC4DC3DC6588687641D7FFD626A0156
                                                                                                                                                                              SHA1:3BEF23915D9469FD93BDC6DF447DD596D01F233D
                                                                                                                                                                              SHA-256:DA85CD2439827EDF0C06E9B5F6780182F50DADB6608512BA86989F6905C5F6D8
                                                                                                                                                                              SHA-512:6E0A86A35C6B46BEE9E0D5A1796A360BDF0DB1B79CCB9BCB8F18631EC500350F245C2E11E38C5EA4BE3846017CBFE725FC643F3FAD14695FCD683026D3C5B3C6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................Z...........0.......p....@..........................@...............................................s..........hX...........................................................................p...............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...x............p..............@....ndata.......@...........................rsrc...hX.......Z...t..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Babylon\Setup\Setup2.zpb
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3844
                                                                                                                                                                              Entropy (8bit):7.9473327809209735
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:JoZggOWDGmubGYXwfR1ZCeeIV7Bwbuq44oP:yy3WFYXwNneEIA3
                                                                                                                                                                              MD5:5E6230B3B16798E23720958756AC6D9E
                                                                                                                                                                              SHA1:C7BCB001C48A67D4C9D6E70E92473EBD85B30585
                                                                                                                                                                              SHA-256:D49EC47F5D27A09A17E00A6EB78F49A761C9F5881EC81FB07CC49FD0A5F287B2
                                                                                                                                                                              SHA-512:6B1C132F0E4FC2CA6B5E8D807671C586D84E044E4DB8380682FD4D071160177C0F7E7A6AFAE3EE74A4FBD5C65ACA0C0876948F5A42DEAFDBB685C5B7989B5AAE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: .x.......]....L".........=...O...k..#...-Xi;.).s_.!.Ep7.QP..:,D..Z.zK..^.2..@..w.BF.RA-.E.(u.o.}..Z..KV..U..r..%Z....y.2Gg..V^....^..H..e...A.....p...;H9..Q'aU3..m/..'..'.By..I.....A.|...=.h..B'-...>.........(..c...5..?...}...q..S.VN..Ju...v..Z.....]..f...\O].X....P;+^..U.3...t8F."..d._........A..[.TY..,.O.....4A..z...A.Z..b1..Xr.R..!z\..D..v.).Y..JD....G..u^..%.N<..ZG(..\D..J.&....L[..... .../..a.z. }..a..rs)l...-^^...........{..l...v.&...5.)...F?..R.yS.t...=~IF..!.".[`.4V...5..kIZE....qM..#...1...qW.~.....;.K....w.^....{..s.%.U|....ns./9..%..x>CY...V.k.....9y..%.x.KA].T.T....5.;..{".B..M2.....3...2.q..WU}....2..}hyo.5.<3.....4Aa.[..H.`.}...o.....Zu..['...j..\B{.7H..\.*u.....3(..`..b...eRU..,.K=nM..dx.h..o.$...TV.k1.f..3.....?.t.....q...TG.q..a.p......W..?."u].@L.D.P..kY.....^<..`..Xaq~..R.N..A*.{w.=.6..<...Xo'.hc.Ok......*.!}..5..y.e._....)aM...c.j.&M...<"..ML..x....O....m.E.=..W.xx.J.S*[OR..V........\...3.A.CK..AY..XZ.c...m..
                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\downloader[1].htm
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):274
                                                                                                                                                                              Entropy (8bit):5.925546659669212
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:T3C1NyQx7MwvJ043t3wuqzHBa9j4CaJaoQ3yvZR+n:j8x7QAt3JwhWaQCvv+
                                                                                                                                                                              MD5:66AC3BAE1AF259D143B7E5B7ED33FCBA
                                                                                                                                                                              SHA1:0DBA3F19AA54AFECEEDE904E9CCB9ACBAA7C8CD0
                                                                                                                                                                              SHA-256:39192ECB5ED65522CFE1FBFDEF832648036634B856B4A036876746E28E852DF6
                                                                                                                                                                              SHA-512:73187D11A31604D3478772B5DA23310D927FAFC5A9EBA44B925B9ADD44B7E56FE05702C6C2888C2D14BAC8CB155BFBE89634562D2DAAA28083CCF1F19FE34E3D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: !-trkInfo=[TType:5012_7];#DQ0BWQFd4nGNiYGZiYGEFYjYgNgFiFiYGZkYHZ&3ikhQ3twjPvOKSHAX9nLx022gfRz&3WAX9xLScEtukxKTi4hIF&dK8TKCKxJwcx5wcBgEwiJ2ruxMA0PcVLQ;#DQyEgeJxjYmBmYmBhBWI2IDYCYi5GVsYGARB41vZ8IgAW5QQg;$http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;
                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Setup2[1].zpb
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3844
                                                                                                                                                                              Entropy (8bit):7.9473327809209735
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:JoZggOWDGmubGYXwfR1ZCeeIV7Bwbuq44oP:yy3WFYXwNneEIA3
                                                                                                                                                                              MD5:5E6230B3B16798E23720958756AC6D9E
                                                                                                                                                                              SHA1:C7BCB001C48A67D4C9D6E70E92473EBD85B30585
                                                                                                                                                                              SHA-256:D49EC47F5D27A09A17E00A6EB78F49A761C9F5881EC81FB07CC49FD0A5F287B2
                                                                                                                                                                              SHA-512:6B1C132F0E4FC2CA6B5E8D807671C586D84E044E4DB8380682FD4D071160177C0F7E7A6AFAE3EE74A4FBD5C65ACA0C0876948F5A42DEAFDBB685C5B7989B5AAE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: .x.......]....L".........=...O...k..#...-Xi;.).s_.!.Ep7.QP..:,D..Z.zK..^.2..@..w.BF.RA-.E.(u.o.}..Z..KV..U..r..%Z....y.2Gg..V^....^..H..e...A.....p...;H9..Q'aU3..m/..'..'.By..I.....A.|...=.h..B'-...>.........(..c...5..?...}...q..S.VN..Ju...v..Z.....]..f...\O].X....P;+^..U.3...t8F."..d._........A..[.TY..,.O.....4A..z...A.Z..b1..Xr.R..!z\..D..v.).Y..JD....G..u^..%.N<..ZG(..\D..J.&....L[..... .../..a.z. }..a..rs)l...-^^...........{..l...v.&...5.)...F?..R.yS.t...=~IF..!.".[`.4V...5..kIZE....qM..#...1...qW.~.....;.K....w.^....{..s.%.U|....ns./9..%..x>CY...V.k.....9y..%.x.KA].T.T....5.;..{".B..M2.....3...2.q..WU}....2..}hyo.5.<3.....4Aa.[..H.`.}...o.....Zu..['...j..\B{.7H..\.*u.....3(..`..b...eRU..,.K=nM..dx.h..o.$...TV.k1.f..3.....?.t.....q...TG.q..a.p......W..?."u].@L.D.P..kY.....^<..`..Xaq~..R.N..A*.{w.=.6..<...Xo'.hc.Ok......*.!}..5..y.e._....)aM...c.j.&M...<"..ML..x....O....m.E.=..W.xx.J.S*[OR..V........\...3.A.CK..AY..XZ.c...m..
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):785904
                                                                                                                                                                              Entropy (8bit):7.996461190547012
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:12288:XSsZfDKTpv0aNjLDiIx56qQDtOZTIzOjAWe0YiZ2PADaRx6Zfuc//yTuXbdir7+:XSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXr
                                                                                                                                                                              MD5:EB2764885565B6C01CB32E5F51F213B3
                                                                                                                                                                              SHA1:CC41CADBBD6BA6ED0BFDD17798B4C9F94D7955E0
                                                                                                                                                                              SHA-256:D7146999FF94B3AE092F3213DDF0217615F1D38798393B66778D11AAE2B68EAF
                                                                                                                                                                              SHA-512:AC88795B2E8260ACE9EB57D2A3FDC4AADB18E2CB0AFD780459F51D25F83B34F7033425DC712655E423EBA4E011FD2776F53463042F2C2D9DD427554C04CC840E
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 26%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aJh.%+..%+..%+..,S..$+..,S..-+....}. +..%+..;+..,S..-+..,S..$+..Rich%+..........PE..L...Ri@Q.....................................@....@.......................... .......\....@.................................LB..<....`..(............................@...............................................@..x............................text....-.......................... ..`.rdata..L....@.......2..............@..@.data........P.......8..............@....rsrc...(....`.......:..............@..@.reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\BExternal.dll
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):132096
                                                                                                                                                                              Entropy (8bit):6.077194684081875
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:aKpmHnzBkCQDQsjqpw/pAsRiYt5+IvNkGNr3jk2zzfrFabmhu5J0tHS+f:aKpmHnCClMSNK+ETHfrFar5J0tF
                                                                                                                                                                              MD5:B212865E7E478A28A97268F960079A8D
                                                                                                                                                                              SHA1:DED201AE02FB9EA3646489AFEDA49270C4620D9C
                                                                                                                                                                              SHA-256:D6138AEF3F7674E2442ADD75013C86CA8FDA3D5BA69737A9B881E7F7BBC730E6
                                                                                                                                                                              SHA-512:D973F9CB45D2035A8546BBDF77FA1B239A3F1E4BA2B17D32195A1CFED13FE06AAF48B91A133CEBD7E53481AB5A5E9166329B730587B46A154B193779DA6AD737
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 2%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                              • Filename: DeltaTB.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: cf9f3c05-00c9-4008-846e-7d9a88232305.exe, Detection: malicious, Browse
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5..w[..w[..w[.....w[.....w[.....w[..%..w[.. ..w[..5..w[..wZ.pw[.....w[.....w[..%..w[.....w[.Rich.w[.........PE..L.....P...........!.....V..........(p.......p...............................`............@.........................`...S.......d.... .......................0.......r..................................@............p......l...`....................text....U.......V.................. ..`.rdata...K...p...L...Z..............@..@.data..../..........................@....SHARDAT. ......."..................@....rsrc........ ......................@..@.reloc... ...0..."..................@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Babylon.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):12384
                                                                                                                                                                              Entropy (8bit):5.999166475309639
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:6SqGSumjR7rVILJ7hzEJboFI1BI1x7RpjEie/X6S8k0oP0dNdNhkAU0RSB2rBkEl:iGJmRyJyJb71C1x7R4a+0RSGPB
                                                                                                                                                                              MD5:825E5733974586A0A1229A53361ED13E
                                                                                                                                                                              SHA1:9EC5B8944C6727FDA6FDC3C18856884554CF6B31
                                                                                                                                                                              SHA-256:0A90B96EAF5D92D33B36F73B36B7F9CE3971E5F294DA51ED04DA3FB43DD71A96
                                                                                                                                                                              SHA-512:FF039E86873A1014B1F8577AEC9B4230126B41CC204A6911CD372D224B8C07996D4BB2728A06482C5E98FB21F2D525395491F29D428CDD5796A26E372AF5AD4E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: Ao...............................d......2.......................................................'...Babylon Trial..........2.............................................................'...Babylon..........2..............'...Englishtown..........2............................................................................'...Babylon..........2....'...Babylon Viewer..........2........................... ......'...Babylon Public..........2........................'..-Babylon Online/Offline Viewer..........2........................'..%Babylon Online Viewer..........2........................'..&Babylon Offline Viewer..........2........................'..&Babylon Premium Viewer..........2................................ ......'..#Babylon-Pro Classic..........2............................................................................'..+Babylon (Corporate Edition)..........2.......................................... ......'.."Babylon (Standard)..........2..............'...Englishtown.......
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\HtmlScreens\loading.html
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):644
                                                                                                                                                                              Entropy (8bit):5.2453607077208835
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:hnMEwuiuX4w4vy4WhPHMNUyXUoZhYpNtlVGlKN7HClolEJqNYMxhCRCBRPGu:hMNmMvy4WJHGp/YEaREJNMN5
                                                                                                                                                                              MD5:F50FA4673555652289652753183FD1EE
                                                                                                                                                                              SHA1:F496797F0D34EB866D6328D2FD1492B485F74D0A
                                                                                                                                                                              SHA-256:AFB21B51CEAD30ED14F79293D50B9C3C7A706B5287AAD6CDE06EA44A364DF812
                                                                                                                                                                              SHA-512:6E92B13343AD35A8A8C61E54CE3ABB9A28ABEEC4AA8C765326E0D1EC111C7656D8F0F349C44820FB1ABA6730C22F84F7411C0C0B24322BDAA8A977B79BAA23DA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 220px;">.. <div>.. <div style="text-align:center; font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_LOADING</div>.. <div style="margin:5px auto; width:32px;">.. <img id="roundProgress" src="pBar.gif" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\HtmlScreens\navError.html
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):926
                                                                                                                                                                              Entropy (8bit):5.348370067881831
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:hnMEwuiuX4w4vy4Wh7qJmuMu5+nulOlkkQ2VMCHMNUyXUoZhY+dDNtloNGlomqNt:hMNmMvy4Wa9XlgkkQ+MCHGp/Y+dFzsx5
                                                                                                                                                                              MD5:0C464E407C81764EBC09EACBE41F0B3E
                                                                                                                                                                              SHA1:245AFE550A05215E5873D8F5F21C22D12AA46B6A
                                                                                                                                                                              SHA-256:770A302BC58B513472AA603AE44A365A6F4F8CBDDC13D2692F71B09F143F8A26
                                                                                                                                                                              SHA-512:71070FCD243CBB3E4452874ECAF8E20E13CBBBAD0009CE543CA49601FACC1AB1906C298849D3B8FB5747DF1109F8E85946243EC7BFA0EAD97CA0AED9EC8D3DFC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <script type="text/javascript">.. function exitSetup() {... window.external.openPage('{"name":"error"}');...}.. function onXBtnPress() {... exitSetup();... return true;.. }.. </script>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 500px;">.. <div>.. <div style="font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_NAV_ERROR</div>.. <div style="margin:30px auto; width:32px;">.. <input type="button" id="exit" value="BTN_CLOSE" class="BAB_BhvElm" onclick="exitSetup()" style="behavior: url(#default#BabDefBhv:text);" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\HtmlScreens\pBar.gif
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3208
                                                                                                                                                                              Entropy (8bit):7.524069178961416
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:3CwXprsPLjhI4TRpiPDZmjbzpB0IDmkgl/gpx2ugG1LyZtAegoA/3wlSMilKphGa:3J5YPxIRiq/qpx2F3ZtA1oC3TMnphOQ
                                                                                                                                                                              MD5:26621CB27BBC94F6BAB3561791AC013B
                                                                                                                                                                              SHA1:4010A489350CF59FD8F36F8E59B53E724C49CC5B
                                                                                                                                                                              SHA-256:E512D5B772FEF448F724767662E3A6374230157E35CAB6F4226496ACC7AA7AD3
                                                                                                                                                                              SHA-512:9A19E8F233113519B22D9F3B205F2A3C1B59669A0431A5C3EF6D7ED66882B93C8582F3BAA13DF4647BCC265D19F7C6543758623044315105479D2533B11F92C6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: GIF89a . ......."G....~.....Gh.]|..........6Y.$H..........!..Created with ajaxload.info.!.......!..NETSCAPE2.0.....,.... . ......Iia....bK.$.F...R.A.T.,..2S.*05//.m.p!z...0...;$.0C....I*!.HC(A@.o...!39T5.\.8)....`..d..wxG=Y..g...wHb..v.A=.0.V\.\.;........;...H.........0..t%.Hs..rY<H..........b..Z.b.OEg:...GY]..=.A.OQ.s....\b.h.9.=sg...c..e....*...f.7D..!.......,.... . ......IiY...YF5..F..R..Tb.G.J....L..d...&.Ymx...... \...@........ ....1..&R....H..4.1Q..|V..%.z.v...#j0....l.Gg{0~..<.<..[.[.h.x..G...y.........[.0....G.....P.z...h...kz..i....y....h|z.h.G..V.......\h..[........&.+..W.7.8...!..!.......,.... . ......I)1....1G5d].(..R..T2..jL.{..< .[.5.M....0..)... L...I...m..E..`....p..U....^f.%..^.......u.;..zz.}0.X....S0.ew.y.k<..%..O.......z..{....|......%......F.i.1.0......Y.....8.x.....z..@....<...............8..Y<......8.\.P.$...!......!.......,.... . ......I.....g.EU... .R.a.TB.....p>'...e..$.."...\.#E1C.n.....~...J.,..,Aa.....Uw^4.I%P....u.Q.33.{0..i1T
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\IEHelper.dll
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                              Entropy (8bit):4.32136921936664
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:/JWaDD77eJq0VOs/i5VSweLvuRBUlXVCt6:BT77Gq0ss/4SweoBwk
                                                                                                                                                                              MD5:A21DE5067618D4F2DF261416315ED120
                                                                                                                                                                              SHA1:7759A3318DE2ABC3755EBB7F50322C6D586B5286
                                                                                                                                                                              SHA-256:6D13D2967A37BA76F840CD45DBA565C5D64938A99D886243F01713CD018E53CA
                                                                                                                                                                              SHA-512:6B5C40D09A9548FDE90C1B1127A36E813525BEA6FF80D5FB0911DDEF67954B209DF44CBF4714CD00C4E2E4DA90CFC4967DB7174C28F751F7C5B881FA18CC938A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 7%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v..............................o.......o.......o......Rich............................PE..L.....P...........!......................... ......................................V}....@..........................#..w...."..P....`.......................p......P ............................................... ..L............................text............................... ..`.rdata....... ......................@..@.data.... ...0......................@....rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\BExternal.dll
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):132096
                                                                                                                                                                              Entropy (8bit):6.077194684081875
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:aKpmHnzBkCQDQsjqpw/pAsRiYt5+IvNkGNr3jk2zzfrFabmhu5J0tHS+f:aKpmHnCClMSNK+ETHfrFar5J0tF
                                                                                                                                                                              MD5:B212865E7E478A28A97268F960079A8D
                                                                                                                                                                              SHA1:DED201AE02FB9EA3646489AFEDA49270C4620D9C
                                                                                                                                                                              SHA-256:D6138AEF3F7674E2442ADD75013C86CA8FDA3D5BA69737A9B881E7F7BBC730E6
                                                                                                                                                                              SHA-512:D973F9CB45D2035A8546BBDF77FA1B239A3F1E4BA2B17D32195A1CFED13FE06AAF48B91A133CEBD7E53481AB5A5E9166329B730587B46A154B193779DA6AD737
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: Metadefender, Detection: 2%, Browse
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5..w[..w[..w[.....w[.....w[.....w[..%..w[.. ..w[..5..w[..wZ.pw[.....w[.....w[..%..w[.....w[.Rich.w[.........PE..L.....P...........!.....V..........(p.......p...............................`............@.........................`...S.......d.... .......................0.......r..................................@............p......l...`....................text....U.......V.................. ..`.rdata...K...p...L...Z..............@..@.data..../..........................@....SHARDAT. ......."..................@....rsrc........ ......................@..@.reloc... ...0..."..................@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\Babylon.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):12384
                                                                                                                                                                              Entropy (8bit):5.999166475309639
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:6SqGSumjR7rVILJ7hzEJboFI1BI1x7RpjEie/X6S8k0oP0dNdNhkAU0RSB2rBkEl:iGJmRyJyJb71C1x7R4a+0RSGPB
                                                                                                                                                                              MD5:825E5733974586A0A1229A53361ED13E
                                                                                                                                                                              SHA1:9EC5B8944C6727FDA6FDC3C18856884554CF6B31
                                                                                                                                                                              SHA-256:0A90B96EAF5D92D33B36F73B36B7F9CE3971E5F294DA51ED04DA3FB43DD71A96
                                                                                                                                                                              SHA-512:FF039E86873A1014B1F8577AEC9B4230126B41CC204A6911CD372D224B8C07996D4BB2728A06482C5E98FB21F2D525395491F29D428CDD5796A26E372AF5AD4E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: Ao...............................d......2.......................................................'...Babylon Trial..........2.............................................................'...Babylon..........2..............'...Englishtown..........2............................................................................'...Babylon..........2....'...Babylon Viewer..........2........................... ......'...Babylon Public..........2........................'..-Babylon Online/Offline Viewer..........2........................'..%Babylon Online Viewer..........2........................'..&Babylon Offline Viewer..........2........................'..&Babylon Premium Viewer..........2................................ ......'..#Babylon-Pro Classic..........2............................................................................'..+Babylon (Corporate Edition)..........2.......................................... ......'.."Babylon (Standard)..........2..............'...Englishtown.......
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\HtmlScreens\loading.html
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):644
                                                                                                                                                                              Entropy (8bit):5.2453607077208835
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:hnMEwuiuX4w4vy4WhPHMNUyXUoZhYpNtlVGlKN7HClolEJqNYMxhCRCBRPGu:hMNmMvy4WJHGp/YEaREJNMN5
                                                                                                                                                                              MD5:F50FA4673555652289652753183FD1EE
                                                                                                                                                                              SHA1:F496797F0D34EB866D6328D2FD1492B485F74D0A
                                                                                                                                                                              SHA-256:AFB21B51CEAD30ED14F79293D50B9C3C7A706B5287AAD6CDE06EA44A364DF812
                                                                                                                                                                              SHA-512:6E92B13343AD35A8A8C61E54CE3ABB9A28ABEEC4AA8C765326E0D1EC111C7656D8F0F349C44820FB1ABA6730C22F84F7411C0C0B24322BDAA8A977B79BAA23DA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 220px;">.. <div>.. <div style="text-align:center; font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_LOADING</div>.. <div style="margin:5px auto; width:32px;">.. <img id="roundProgress" src="pBar.gif" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\HtmlScreens\navError.html
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):926
                                                                                                                                                                              Entropy (8bit):5.348370067881831
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:hnMEwuiuX4w4vy4Wh7qJmuMu5+nulOlkkQ2VMCHMNUyXUoZhY+dDNtloNGlomqNt:hMNmMvy4Wa9XlgkkQ+MCHGp/Y+dFzsx5
                                                                                                                                                                              MD5:0C464E407C81764EBC09EACBE41F0B3E
                                                                                                                                                                              SHA1:245AFE550A05215E5873D8F5F21C22D12AA46B6A
                                                                                                                                                                              SHA-256:770A302BC58B513472AA603AE44A365A6F4F8CBDDC13D2692F71B09F143F8A26
                                                                                                                                                                              SHA-512:71070FCD243CBB3E4452874ECAF8E20E13CBBBAD0009CE543CA49601FACC1AB1906C298849D3B8FB5747DF1109F8E85946243EC7BFA0EAD97CA0AED9EC8D3DFC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <script type="text/javascript">.. function exitSetup() {... window.external.openPage('{"name":"error"}');...}.. function onXBtnPress() {... exitSetup();... return true;.. }.. </script>..</head>..<body style="width:550px; background-color:#d4e7fe">.. <div id="bdy" style="margin: 150px auto; height: 100px; width: 500px;">.. <div>.. <div style="font-size:17px; padding:2px; behavior: url(#default#BabDefBhv:text);">IDS_NAV_ERROR</div>.. <div style="margin:30px auto; width:32px;">.. <input type="button" id="exit" value="BTN_CLOSE" class="BAB_BhvElm" onclick="exitSetup()" style="behavior: url(#default#BabDefBhv:text);" />.. </div>.. </div>.. </div>..</body>..</html>..
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\HtmlScreens\pBar.gif
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3208
                                                                                                                                                                              Entropy (8bit):7.524069178961416
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:3CwXprsPLjhI4TRpiPDZmjbzpB0IDmkgl/gpx2ugG1LyZtAegoA/3wlSMilKphGa:3J5YPxIRiq/qpx2F3ZtA1oC3TMnphOQ
                                                                                                                                                                              MD5:26621CB27BBC94F6BAB3561791AC013B
                                                                                                                                                                              SHA1:4010A489350CF59FD8F36F8E59B53E724C49CC5B
                                                                                                                                                                              SHA-256:E512D5B772FEF448F724767662E3A6374230157E35CAB6F4226496ACC7AA7AD3
                                                                                                                                                                              SHA-512:9A19E8F233113519B22D9F3B205F2A3C1B59669A0431A5C3EF6D7ED66882B93C8582F3BAA13DF4647BCC265D19F7C6543758623044315105479D2533B11F92C6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: GIF89a . ......."G....~.....Gh.]|..........6Y.$H..........!..Created with ajaxload.info.!.......!..NETSCAPE2.0.....,.... . ......Iia....bK.$.F...R.A.T.,..2S.*05//.m.p!z...0...;$.0C....I*!.HC(A@.o...!39T5.\.8)....`..d..wxG=Y..g...wHb..v.A=.0.V\.\.;........;...H.........0..t%.Hs..rY<H..........b..Z.b.OEg:...GY]..=.A.OQ.s....\b.h.9.=sg...c..e....*...f.7D..!.......,.... . ......IiY...YF5..F..R..Tb.G.J....L..d...&.Ymx...... \...@........ ....1..&R....H..4.1Q..|V..%.z.v...#j0....l.Gg{0~..<.<..[.[.h.x..G...y.........[.0....G.....P.z...h...kz..i....y....h|z.h.G..V.......\h..[........&.+..W.7.8...!..!.......,.... . ......I)1....1G5d].(..R..T2..jL.{..< .[.5.M....0..)... L...I...m..E..`....p..U....^f.%..^.......u.;..zz.}0.X....S0.ew.y.k<..%..O.......z..{....|......%......F.i.1.0......Y.....8.x.....z..@....<...............8..Y<......8.\.P.$...!......!.......,.... . ......I.....g.EU... .R.a.TB.....p>'...e..$.."...\.#E1C.n.....~...J.,..,Aa.....Uw^4.I%P....u.Q.33.{0..i1T
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\IEHelper.dll
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                              Entropy (8bit):4.32136921936664
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:/JWaDD77eJq0VOs/i5VSweLvuRBUlXVCt6:BT77Gq0ss/4SweoBwk
                                                                                                                                                                              MD5:A21DE5067618D4F2DF261416315ED120
                                                                                                                                                                              SHA1:7759A3318DE2ABC3755EBB7F50322C6D586B5286
                                                                                                                                                                              SHA-256:6D13D2967A37BA76F840CD45DBA565C5D64938A99D886243F01713CD018E53CA
                                                                                                                                                                              SHA-512:6B5C40D09A9548FDE90C1B1127A36E813525BEA6FF80D5FB0911DDEF67954B209DF44CBF4714CD00C4E2E4DA90CFC4967DB7174C28F751F7C5B881FA18CC938A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v..............................o.......o.......o......Rich............................PE..L.....P...........!......................... ......................................V}....@..........................#..w...."..P....`.......................p......P ............................................... ..L............................text............................... ..`.rdata....... ......................@..@.data.... ...0......................@....rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\Setup2.zpb
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3844
                                                                                                                                                                              Entropy (8bit):7.9473327809209735
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:JoZggOWDGmubGYXwfR1ZCeeIV7Bwbuq44oP:yy3WFYXwNneEIA3
                                                                                                                                                                              MD5:5E6230B3B16798E23720958756AC6D9E
                                                                                                                                                                              SHA1:C7BCB001C48A67D4C9D6E70E92473EBD85B30585
                                                                                                                                                                              SHA-256:D49EC47F5D27A09A17E00A6EB78F49A761C9F5881EC81FB07CC49FD0A5F287B2
                                                                                                                                                                              SHA-512:6B1C132F0E4FC2CA6B5E8D807671C586D84E044E4DB8380682FD4D071160177C0F7E7A6AFAE3EE74A4FBD5C65ACA0C0876948F5A42DEAFDBB685C5B7989B5AAE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: .x.......]....L".........=...O...k..#...-Xi;.).s_.!.Ep7.QP..:,D..Z.zK..^.2..@..w.BF.RA-.E.(u.o.}..Z..KV..U..r..%Z....y.2Gg..V^....^..H..e...A.....p...;H9..Q'aU3..m/..'..'.By..I.....A.|...=.h..B'-...>.........(..c...5..?...}...q..S.VN..Ju...v..Z.....]..f...\O].X....P;+^..U.3...t8F."..d._........A..[.TY..,.O.....4A..z...A.Z..b1..Xr.R..!z\..D..v.).Y..JD....G..u^..%.N<..ZG(..\D..J.&....L[..... .../..a.z. }..a..rs)l...-^^...........{..l...v.&...5.)...F?..R.yS.t...=~IF..!.".[`.4V...5..kIZE....qM..#...1...qW.~.....;.K....w.^....{..s.%.U|....ns./9..%..x>CY...V.k.....9y..%.x.KA].T.T....5.;..{".B..M2.....3...2.q..WU}....2..}hyo.5.<3.....4Aa.[..H.`.}...o.....Zu..['...j..\B{.7H..\.*u.....3(..`..b...eRU..,.K=nM..dx.h..o.$...TV.k1.f..3.....?.t.....q...TG.q..a.p......W..?."u].@L.D.P..kY.....^<..`..Xaq~..R.N..A*.{w.=.6..<...Xo'.hc.Ok......*.!}..5..y.e._....)aM...c.j.&M...<"..ML..x....O....m.E.=..W.xx.J.S*[OR..V........\...3.A.CK..AY..XZ.c...m..
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\SetupStrings.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):91790
                                                                                                                                                                              Entropy (8bit):7.9969876797429755
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:1536:YYMRZJnf4lTn61qnl4nJszUaFsQZFWT9a5wSFU/BTi5MjmMoa7OYCVumZJBE:YYgJmOs4nJwFRZFSa5vUoumaE8mZJBE
                                                                                                                                                                              MD5:407846797C5BA247ABEB5FA7C0C0BA05
                                                                                                                                                                              SHA1:44386455EED8E74D75E95E9E81E96A19F0B27884
                                                                                                                                                                              SHA-256:0147B5B11B935310752666FCF1E6AFC922B76FF03D01A0D1EE2BABEAC10CA1E3
                                                                                                                                                                              SHA-512:7399A9228F971698DB7362AAD28D3F9694C0BF453D4529E48BC7869AF0960452CFE1A5F0A5754E7D567D81B5AA1E35BE05A9E36EC745E5470D20FD44A61D20AF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: C.e....x..k.\...D6v......}....R.cc.4m......d..c.;.2O..*3O..<%..{........X`C.....z Q..&:.;.g&J1..NL..V..L.D..wz.L...{.GV...q.#.*.>{...z|k...#K...G?...&.......f.^..7....F.ma.....,<.\ei.4...f....{...^'.&b.u.H...o........&.>4..o2..<}{8.{....t,=.b.N.`..T...i...:..n...p.w0LBo*....-....5..7.4..{...z..n.t+.5.4.._.v..L.........i.g...!.@..l..N)..........!=.s..`......L.@. 9s.z.L..a..o...Z....OWj.V.^.t...p.^....q.]..ye.{.4....n...7...f38.b7.[.t..o..?..../z..3G.Vi...T.....u.~~Y.>...b.?....4B`.-.+.m...(<.b..{3.d..~....c.N..n.Q.Vj...4.q...m.f.wq.[>....Nw..7...`a,-.Ga.....|..o......FS.?......w3....Cu.#>s...0........V.'.-X.8..%...J.["......&,....Jm...v..{..K.o.......O..t..?.....>w....7..._.....T...?`..._R.E.v...L.I.*./j....#....]Q....OH.J..+7.?7.)..X..+W.?=.6Y./.\1.O.^5.P4...~..I..~$h.bE._/.|...Q4.m.p..u.ho..o~St..4n.i.b...".......V.U../.....d=..K+W...o..+...t.....[ae[.....u......{.o..U..B.S?K*W...B..?..k...cc3.....o...d...............U#.
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\bab033.tbinst.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):205
                                                                                                                                                                              Entropy (8bit):4.9535990881965635
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:SC2nnnPjnu5AqBQW1ALepBTY2EUHgLJpB1GHGDusAY75E8SlQkQGEie0GUGl:SDnPoPB/mLepBREUALJv1TX9EDKJ5sGl
                                                                                                                                                                              MD5:90713AB7A74884CD36A5FB4CFCDECE8A
                                                                                                                                                                              SHA1:7BB56D08FD69A98E543B923BD0A9156F92A9C473
                                                                                                                                                                              SHA-256:BC40813F6D07DBC1A4D4C74363460D1AD6EE76275729DE4C4F10EC40D8CC46EB
                                                                                                                                                                              SHA-512:639D68135FB54264F2E21081D6CA9FFE73A94035982F4A2D7133D6D402CDD3EF4A695EEB61AD173DC6D1B8167D1F5DF2BE61A972C96F07AC357ECEC887A0D191
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A>..................c.......e..HKEY_NONE........babtb1........8..babylonsig=0000ddc5393a3898d6fab33f1b7634f4cacf2f4dc9ddfcbcc1defbd0ce593049:0000d32e061a0029c5ccdae47322435ba6e55cac53459f5d334a8ccfc03203ca
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\bab091.norecovericon.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):174
                                                                                                                                                                              Entropy (8bit):4.747151880874695
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:L2lhgnnn/9HNhcGVUDTERd8oDFLSbhlVEHgUVwkdHYzHcLSTp43FQClB/YcYN:LChgnl8GVUDTERCoDt8V8PVwkFYqSVgE
                                                                                                                                                                              MD5:4F6E1FDBEF102CDBD379FDAC550B9F48
                                                                                                                                                                              SHA1:5DA6EE5B88A4040C80E5269E0CD2B0880B20659C
                                                                                                                                                                              SHA-256:E58EA352C050E6353FB5B4FA32A97800298C1603489D3B47794509AF6C89EC4C
                                                                                                                                                                              SHA-512:54EFC9BDE44F332932A97396E59ECA5B6EA1AC72F929CCFFA1BDAB96DC3AE8D61E126ADBD26D12D0BC83141CEE03B24AD2BADA411230C4708B7A9AE9C60AECBE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A...................j........<\...babylonsig=000073e9c01f6a45cc864dc02a0f7bf8bcabc4db855fc5bd7a04d0abc34be5df:0000050db25f8bdf7e3b9e906bf562b69d8997079c552e0c644fd006193bd428
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\bab148.spreg.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):249
                                                                                                                                                                              Entropy (8bit):5.365979053267958
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:t8knqres54xUSIJY7rsNXVO5HzVUTA010HkiYKoYb7orHTMS:t8knqPCxUNYXsFcNzVUM0109Y6/ozTT
                                                                                                                                                                              MD5:A4AF0A0C254B38F2F9EECBF0E00B08FE
                                                                                                                                                                              SHA1:EF730BCE77699730DDA378DC444B997CE7CEEA7A
                                                                                                                                                                              SHA-256:810E0E32D54B9E1557DA7CCF1CA9F6354814E90DADC6B4AF5E1CBDF87FAC925A
                                                                                                                                                                              SHA-512:B74596E55E75413303559C135DB393A04D6FD6CBAB147A51AC2F46435F52B92B82868DE4E67917A7B388D82C672FA36B525B88E2EEFE7EC40695F028395DCD84
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A@i....................@YHKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\Instl\Data...........babylonsig=000100374627dcb412ef9c7f6e6383eb408216ef2e8c99cab4a28ea690db202a:00006cc208e02b54e138d1ec1b02ef66d0b7f8e02d0d3a2c12c6a72548b0fc07
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\bab187.wl.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):234
                                                                                                                                                                              Entropy (8bit):5.1257718700950665
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:elm7gnnn7nlun8FxIEyLdKC1xZ1jPAUFA9EHANrQ3wV39VuVUjKGBTc6+HYXDwDe:fgn8n8zIxdK2HG7EgNEg39MmIYXUDQQU
                                                                                                                                                                              MD5:6358860CD0C336C1F91F86BE701D77C4
                                                                                                                                                                              SHA1:5DD38B818BF0860B4C5144BA670A759D4345E4EC
                                                                                                                                                                              SHA-256:2ED42E3C958EB21352BAE4B00DB2FA5BE94149ABC64EEC93E5258B9C4A715457
                                                                                                                                                                              SHA-512:7DF3B3E1487D3A65000B6208969F1E695815133C052F369BEB36877FE5C6F64D979AEFD030A193B04A5E46FB0D97A3CC06837AA381EFE6BC24A0C084C768DAC1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A@Z..............2........."search.babylon.com.......$www.claro-search.com...... .........9...babylonsig=000014b501afb12514e838be35fd24590f9f095658a0cdd234df33a6003ea621:0000627597f0acd7d524976ccd69bab0cb4198771d23d12f21d1af554430d7ef
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\bab307.sp_pop0.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):178
                                                                                                                                                                              Entropy (8bit):4.797553801917334
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:PC2nnnxnzkS2gfE8JfizV3RT3d/7lkVVYQdyFE6MBvhShRO7H/bSGPX:62n+S2V8Vu3139lkVVYX+NB8ADT1PX
                                                                                                                                                                              MD5:0B7BE9C4B72C2C5166BFD61CA5EBBFED
                                                                                                                                                                              SHA1:AEA0AA4E8226C1B4EFCE92E909DA773744BAA6D4
                                                                                                                                                                              SHA-256:673BF972D308BC6108360575608CF72F393413F2D3993489B06DA4A6EFC749BD
                                                                                                                                                                              SHA-512:4DCD7EA01B05550ACB00B71E7E9FDD52A04FE1CC574655030DCAE94B87DAD86BFB7973ADF9185DE03BCACB100FFF758B1A2F928FCB951E2B31E320860A2226D8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A#..............2.................b+..babylonsig=0000b7d47988ec9b6d29c69c2d65aa0453a80949ffe47b173bcbcbaf1664b37f:0000d475e18513509c850255a7e329dacbd702f4edee04be1371ccd95bc05742
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\bab456.TB_OldWay.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):174
                                                                                                                                                                              Entropy (8bit):4.752125358171384
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:L2lhgnnnShk1X3slFi0U6tgFnlHOW8O+NYXnbcE0aBSVXdE1TbSXQK:LChgnShklvkWFnd+2XbciSV0SXQK
                                                                                                                                                                              MD5:7E72D256E34635D351092955D1F8516B
                                                                                                                                                                              SHA1:7F240F8F4BD61AE59247D84D0EC85F5BC8729F36
                                                                                                                                                                              SHA-256:39EB1667A67149B5D930E5408896027E3C3FC06282735E61CB8D85F5B38F587C
                                                                                                                                                                              SHA-512:621EB4BF2864DB2FA0F861C233CED790124E9060C081948BEB7117F8C058A36ECCA23EE05CE2D6D42AF15533C050F648D276589682D91DFE699EBE871CC9AE8C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A..............................o|.babylonsig=0000f7ffd199a6d07f03f6b2b8764a34a26e4dc1ed5ba9a3d998872127314113:0000cb9730cf6e41158f8f209a78d8121f40b07026490a300c0a084fb724d516
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\kstp.txt
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:U:U
                                                                                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: 1
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\setup.exe
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8704
                                                                                                                                                                              Entropy (8bit):4.98329973703044
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:TvYfTLHRm6VMp8PS5JTMNF4m1AcFM8S6Y3+IsONTv2e6BL:TvY+8PS5JwHV1Te8S6YW6Tv2e6
                                                                                                                                                                              MD5:5790A04F78C61C3CAEA7DDD6F01829D2
                                                                                                                                                                              SHA1:9D783D964338A5378280DD3C3B72519D11F73FFA
                                                                                                                                                                              SHA-256:726B0E7E515F7BD62C912B094FA95C7C2285A44E03D264F5DD9E70729C0E9606
                                                                                                                                                                              SHA-512:9134FC02095E313FCB528FA32C8534929FDDFB7B7B139A829F2B3EB32CD4C606F6D2EC6DFF57A890EA250CE1430EB272461ACCFE05164BD4CFA496C0A1474AD0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'.BSF..SF..SF....P.RF....S.[F..Z>..XF..SF..aF....R.VF....T.RF....Q.RF..RichSF..................PE..L...*.R..................................... ....@..........................p............@.................................H&..P....P.......................`......p ..8............................&..@............ ..h............................text...*........................... ..`.rdata..,.... ......................@..@.data........0......................@....CRT.........@......................@..@.rsrc........P......................@..@.reloc..B....`......................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\sqlite3.dll
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):520234
                                                                                                                                                                              Entropy (8bit):6.562174410690013
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:RgEF6lmEVKtkDCQ/kUrc7dBLhuKgrQCjBXPTnrKcCxcfKvrLJLqgx5YMk4HJ0yPF:GEEdkUrc7RuKcQCdGVtT0MkCwwV/Hn
                                                                                                                                                                              MD5:0F66E8E2340569FB17E774DAC2010E31
                                                                                                                                                                              SHA1:406BB6854E7384FF77C0B847BF2F24F3315874A3
                                                                                                                                                                              SHA-256:DE818C832308B82C2FABD5D3D4339C489E6F4E9D32BB8152C0DCD8359392695F
                                                                                                                                                                              SHA-512:39275DF6E210836286E62A95ACE7F66C7D2736A07B80F9B7E9BD2A716A6D074C79DEAE54E2D21505B74BAC63DF0328D6780A2129CDFDA93AEC1F75B523DA9E05
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h..K........... ...8.$...t...............@.....`.......................................... ......................`..,.......P...............................H!...................................................................................text....#.......$..................`..`.data...8....@.......(..............@....bss.........P...........................edata..,....`.......6..............@....idata..P............N..............@....reloc..H!......."...V..............@....stab...l............x.................B.stabstr...............................B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1898992
                                                                                                                                                                              Entropy (8bit):5.743047590845145
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:knARLFkMxNcIs5WLDbZfGG98dhNmpejZCPiXnE2yYH0e8U07:BFkw7s5WcYkjZCwE2dH0e8UG
                                                                                                                                                                              MD5:26F6D1B6756A83DE9755A05F7C030D75
                                                                                                                                                                              SHA1:935F58155F74B051F9123B6022B7D358B52B146F
                                                                                                                                                                              SHA-256:2ACAB7C986BBF80578C3BD998DD2D853257719CEB74C9D30BB4EA28952403D5B
                                                                                                                                                                              SHA-512:AF9603572BDDB6244A7AB0484CB3AC9ED7C91B1CEA3E3F8C8886478930DBC102925B45ED094EAA2801755644E3BB4A4C0685A423F937F4B02AF16FEEC56E4F6F
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........U........................................w............<.......<..................#...................Rich............PE..L...O<.Q.....................N......vb............@........................................................................H...T....P.. ?..........................0...................................@............................................text...U........................... ..`.rdata..VR.......T..................@..@.data....1..........................@....rsrc... ?...P...@..................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\SetupStrings.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):91790
                                                                                                                                                                              Entropy (8bit):7.9969876797429755
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:1536:YYMRZJnf4lTn61qnl4nJszUaFsQZFWT9a5wSFU/BTi5MjmMoa7OYCVumZJBE:YYgJmOs4nJwFRZFSa5vUoumaE8mZJBE
                                                                                                                                                                              MD5:407846797C5BA247ABEB5FA7C0C0BA05
                                                                                                                                                                              SHA1:44386455EED8E74D75E95E9E81E96A19F0B27884
                                                                                                                                                                              SHA-256:0147B5B11B935310752666FCF1E6AFC922B76FF03D01A0D1EE2BABEAC10CA1E3
                                                                                                                                                                              SHA-512:7399A9228F971698DB7362AAD28D3F9694C0BF453D4529E48BC7869AF0960452CFE1A5F0A5754E7D567D81B5AA1E35BE05A9E36EC745E5470D20FD44A61D20AF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: C.e....x..k.\...D6v......}....R.cc.4m......d..c.;.2O..*3O..<%..{........X`C.....z Q..&:.;.g&J1..NL..V..L.D..wz.L...{.GV...q.#.*.>{...z|k...#K...G?...&.......f.^..7....F.ma.....,<.\ei.4...f....{...^'.&b.u.H...o........&.>4..o2..<}{8.{....t,=.b.N.`..T...i...:..n...p.w0LBo*....-....5..7.4..{...z..n.t+.5.4.._.v..L.........i.g...!.@..l..N)..........!=.s..`......L.@. 9s.z.L..a..o...Z....OWj.V.^.t...p.^....q.]..ye.{.4....n...7...f38.b7.[.t..o..?..../z..3G.Vi...T.....u.~~Y.>...b.?....4B`.-.+.m...(<.b..{3.d..~....c.N..n.Q.Vj...4.q...m.f.wq.[>....Nw..7...`a,-.Ga.....|..o......FS.?......w3....Cu.#>s...0........V.'.-X.8..%...J.["......&,....Jm...v..{..K.o.......O..t..?.....>w....7..._.....T...?`..._R.E.v...L.I.*./j....#....]Q....OH.J..+7.?7.)..X..+W.?=.6Y./.\1.O.^5.P4...~..I..~$h.bE._/.|...Q4.m.p..u.ho..o~St..4n.i.b...".......V.U../.....d=..K+W...o..+...t.....[ae[.....u......{.o..U..B.S?K*W...B..?..k...cc3.....o...d...............U#.
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\bab033.tbinst.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):205
                                                                                                                                                                              Entropy (8bit):4.9535990881965635
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:SC2nnnPjnu5AqBQW1ALepBTY2EUHgLJpB1GHGDusAY75E8SlQkQGEie0GUGl:SDnPoPB/mLepBREUALJv1TX9EDKJ5sGl
                                                                                                                                                                              MD5:90713AB7A74884CD36A5FB4CFCDECE8A
                                                                                                                                                                              SHA1:7BB56D08FD69A98E543B923BD0A9156F92A9C473
                                                                                                                                                                              SHA-256:BC40813F6D07DBC1A4D4C74363460D1AD6EE76275729DE4C4F10EC40D8CC46EB
                                                                                                                                                                              SHA-512:639D68135FB54264F2E21081D6CA9FFE73A94035982F4A2D7133D6D402CDD3EF4A695EEB61AD173DC6D1B8167D1F5DF2BE61A972C96F07AC357ECEC887A0D191
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A>..................c.......e..HKEY_NONE........babtb1........8..babylonsig=0000ddc5393a3898d6fab33f1b7634f4cacf2f4dc9ddfcbcc1defbd0ce593049:0000d32e061a0029c5ccdae47322435ba6e55cac53459f5d334a8ccfc03203ca
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\bab091.norecovericon.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):174
                                                                                                                                                                              Entropy (8bit):4.747151880874695
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:L2lhgnnn/9HNhcGVUDTERd8oDFLSbhlVEHgUVwkdHYzHcLSTp43FQClB/YcYN:LChgnl8GVUDTERCoDt8V8PVwkFYqSVgE
                                                                                                                                                                              MD5:4F6E1FDBEF102CDBD379FDAC550B9F48
                                                                                                                                                                              SHA1:5DA6EE5B88A4040C80E5269E0CD2B0880B20659C
                                                                                                                                                                              SHA-256:E58EA352C050E6353FB5B4FA32A97800298C1603489D3B47794509AF6C89EC4C
                                                                                                                                                                              SHA-512:54EFC9BDE44F332932A97396E59ECA5B6EA1AC72F929CCFFA1BDAB96DC3AE8D61E126ADBD26D12D0BC83141CEE03B24AD2BADA411230C4708B7A9AE9C60AECBE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A...................j........<\...babylonsig=000073e9c01f6a45cc864dc02a0f7bf8bcabc4db855fc5bd7a04d0abc34be5df:0000050db25f8bdf7e3b9e906bf562b69d8997079c552e0c644fd006193bd428
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\bab148.spreg.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):249
                                                                                                                                                                              Entropy (8bit):5.365979053267958
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:t8knqres54xUSIJY7rsNXVO5HzVUTA010HkiYKoYb7orHTMS:t8knqPCxUNYXsFcNzVUM0109Y6/ozTT
                                                                                                                                                                              MD5:A4AF0A0C254B38F2F9EECBF0E00B08FE
                                                                                                                                                                              SHA1:EF730BCE77699730DDA378DC444B997CE7CEEA7A
                                                                                                                                                                              SHA-256:810E0E32D54B9E1557DA7CCF1CA9F6354814E90DADC6B4AF5E1CBDF87FAC925A
                                                                                                                                                                              SHA-512:B74596E55E75413303559C135DB393A04D6FD6CBAB147A51AC2F46435F52B92B82868DE4E67917A7B388D82C672FA36B525B88E2EEFE7EC40695F028395DCD84
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A@i....................@YHKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\Instl\Data...........babylonsig=000100374627dcb412ef9c7f6e6383eb408216ef2e8c99cab4a28ea690db202a:00006cc208e02b54e138d1ec1b02ef66d0b7f8e02d0d3a2c12c6a72548b0fc07
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\bab187.wl.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):234
                                                                                                                                                                              Entropy (8bit):5.1257718700950665
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:elm7gnnn7nlun8FxIEyLdKC1xZ1jPAUFA9EHANrQ3wV39VuVUjKGBTc6+HYXDwDe:fgn8n8zIxdK2HG7EgNEg39MmIYXUDQQU
                                                                                                                                                                              MD5:6358860CD0C336C1F91F86BE701D77C4
                                                                                                                                                                              SHA1:5DD38B818BF0860B4C5144BA670A759D4345E4EC
                                                                                                                                                                              SHA-256:2ED42E3C958EB21352BAE4B00DB2FA5BE94149ABC64EEC93E5258B9C4A715457
                                                                                                                                                                              SHA-512:7DF3B3E1487D3A65000B6208969F1E695815133C052F369BEB36877FE5C6F64D979AEFD030A193B04A5E46FB0D97A3CC06837AA381EFE6BC24A0C084C768DAC1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A@Z..............2........."search.babylon.com.......$www.claro-search.com...... .........9...babylonsig=000014b501afb12514e838be35fd24590f9f095658a0cdd234df33a6003ea621:0000627597f0acd7d524976ccd69bab0cb4198771d23d12f21d1af554430d7ef
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\bab307.sp_pop0.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):178
                                                                                                                                                                              Entropy (8bit):4.797553801917334
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:PC2nnnxnzkS2gfE8JfizV3RT3d/7lkVVYQdyFE6MBvhShRO7H/bSGPX:62n+S2V8Vu3139lkVVYX+NB8ADT1PX
                                                                                                                                                                              MD5:0B7BE9C4B72C2C5166BFD61CA5EBBFED
                                                                                                                                                                              SHA1:AEA0AA4E8226C1B4EFCE92E909DA773744BAA6D4
                                                                                                                                                                              SHA-256:673BF972D308BC6108360575608CF72F393413F2D3993489B06DA4A6EFC749BD
                                                                                                                                                                              SHA-512:4DCD7EA01B05550ACB00B71E7E9FDD52A04FE1CC574655030DCAE94B87DAD86BFB7973ADF9185DE03BCACB100FFF758B1A2F928FCB951E2B31E320860A2226D8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A#..............2.................b+..babylonsig=0000b7d47988ec9b6d29c69c2d65aa0453a80949ffe47b173bcbcbaf1664b37f:0000d475e18513509c850255a7e329dacbd702f4edee04be1371ccd95bc05742
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\bab456.TB_OldWay.dat
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):174
                                                                                                                                                                              Entropy (8bit):4.752125358171384
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:L2lhgnnnShk1X3slFi0U6tgFnlHOW8O+NYXnbcE0aBSVXdE1TbSXQK:LChgnShklvkWFnd+2XbciSV0SXQK
                                                                                                                                                                              MD5:7E72D256E34635D351092955D1F8516B
                                                                                                                                                                              SHA1:7F240F8F4BD61AE59247D84D0EC85F5BC8729F36
                                                                                                                                                                              SHA-256:39EB1667A67149B5D930E5408896027E3C3FC06282735E61CB8D85F5B38F587C
                                                                                                                                                                              SHA-512:621EB4BF2864DB2FA0F861C233CED790124E9060C081948BEB7117F8C058A36ECCA23EE05CE2D6D42AF15533C050F648D276589682D91DFE699EBE871CC9AE8C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: A..............................o|.babylonsig=0000f7ffd199a6d07f03f6b2b8764a34a26e4dc1ed5ba9a3d998872127314113:0000cb9730cf6e41158f8f209a78d8121f40b07026490a300c0a084fb724d516
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\sqlite3.dll
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):520234
                                                                                                                                                                              Entropy (8bit):6.562174410690013
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:RgEF6lmEVKtkDCQ/kUrc7dBLhuKgrQCjBXPTnrKcCxcfKvrLJLqgx5YMk4HJ0yPF:GEEdkUrc7RuKcQCdGVtT0MkCwwV/Hn
                                                                                                                                                                              MD5:0F66E8E2340569FB17E774DAC2010E31
                                                                                                                                                                              SHA1:406BB6854E7384FF77C0B847BF2F24F3315874A3
                                                                                                                                                                              SHA-256:DE818C832308B82C2FABD5D3D4339C489E6F4E9D32BB8152C0DCD8359392695F
                                                                                                                                                                              SHA-512:39275DF6E210836286E62A95ACE7F66C7D2736A07B80F9B7E9BD2A716A6D074C79DEAE54E2D21505B74BAC63DF0328D6780A2129CDFDA93AEC1F75B523DA9E05
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h..K........... ...8.$...t...............@.....`.......................................... ......................`..,.......P...............................H!...................................................................................text....#.......$..................`..`.data...8....@.......(..............@....bss.........P...........................edata..,....`.......6..............@....idata..P............N..............@....reloc..H!......."...V..............@....stab...l............x.................B.stabstr...............................B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\Delta.ini
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):24010
                                                                                                                                                                              Entropy (8bit):5.256061925112856
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:Haj/Hjzoy61aj/Hjzoy6Kj/Hjzoy6Xj/Hjzoy6iHjzoy6jjzoy6vzoy6SIzoy6xL:6DoybDoy5DoyYDoyboyMoy+oyX4oyw4k
                                                                                                                                                                              MD5:BA92C29E1BD7CC6B0224F64A2E1FED89
                                                                                                                                                                              SHA1:4FD801B44D28CDB63D2978779B8663809ADAD3C2
                                                                                                                                                                              SHA-256:98A6145FB7C8040AFA9246706861B4DE5E026D00CB8A06E0C4987D7FEF3EEA65
                                                                                                                                                                              SHA-512:2B36A53BB3D3B02F2DA1734F85F0C437B5EDE3312D439B06AEB962A7029AB4BE10BD2A066146E5404007B62604FC28727EAC1355A8375E6D4ED7328D07E4587F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: [Settings]..NumFields=13....[Field 1]..Type=RadioButton..Text=Quick (Recommended)..Left=50..Right=280..Top=0..Bottom=8..Flags=NOTABSTOP|NOTIFY....[Field 2]..Type=Bitmap..Text=delta_logo_small.bmp..Left=0..Right=35..Top=0..Bottom=135..Flags=NOTABSTOP....[Field 3]..Type=checkbox..Text=Install Delta toolbar..Left=62..Right=-10..Top=76..Bottom=84..State=1..Flags=NOTABSTOP|NOTIFY....[Field 4]..Type=checkbox..Text=Make Delta my default search engine..Left=72..Right=-10..Top=88..Bottom=96..State=1..Flags=NOTABSTOP|NOTIFY....[Field 5]..Type=checkbox..Text=Make Delta my default homepage and new tab..Left=72..Right=-10..Top=100..Bottom=108..State=1..Flags=NOTABSTOP|NOTIFY....[Field 6]..Type=label..Text=By clicking next you accept the..Left=50..Right=149..Top=130..Bottom=138..Flags=NOTABSTOP....[Field 7]..Type=Link..Text=legal terms..Left=150..Right=186..Top=130..Bottom=138..State=http://info.delta-search.com/uninstall/eula.html..Flags=NOTABSTOP....[Field 8]..Type=label..Text=of Delta toolbar..Le
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                              Entropy (8bit):5.550299117674118
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
                                                                                                                                                                              MD5:325B008AEC81E5AAA57096F05D4212B5
                                                                                                                                                                              SHA1:27A2D89747A20305B6518438EFF5B9F57F7DF5C3
                                                                                                                                                                              SHA-256:C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B
                                                                                                                                                                              SHA-512:18362B3AEE529A27E85CC087627ECF6E2D21196D725F499C4A185CB3A380999F43FF1833A8EBEC3F5BA1D3A113EF83185770E663854121F2D8B885790115AFDF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.p..q.,.q.,.q.,.q.,@q.,.~C,.q.,\R.,.q.,\R/,.q.,.w.,.q.,.Q.,.q.,Rich.q.,........................PE..L......K...........!.........<.......).......0.......................................................................8..p...81.......p..........................@....................................................0..8............................text...@........................... ..`.rdata.......0....... ..............@..@.data... (...@.......*..............@....rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\LangDLL.dll
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):5632
                                                                                                                                                                              Entropy (8bit):3.951555564830228
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
                                                                                                                                                                              MD5:9384F4007C492D4FA040924F31C00166
                                                                                                                                                                              SHA1:ABA37FAEF30D7C445584C688A0B5638F5DB31C7B
                                                                                                                                                                              SHA-256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
                                                                                                                                                                              SHA-512:68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................~..........z.....B....Rich..........PE..L......K...........!......................... ...............................`......................................p"..I...` ..P....@..`....................P....................................................... ..`............................text...l........................... ..`.rdata....... ......................@..@.data...l....0......................@....rsrc...`....@......................@..@.reloc..@....P......................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\System.dll
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                              Entropy (8bit):5.568877095847681
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                                                                                                                                                              MD5:C17103AE9072A06DA581DEC998343FC1
                                                                                                                                                                              SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                                                                                                                                                              SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                                                                                                                                                              SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\delta_logo_small.bmp
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 50 x 46 x 32
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):9275
                                                                                                                                                                              Entropy (8bit):5.943259792257716
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:NFwO6xAA7skBZgZIY1nIcg9tmZ0Hcy7y5q7WvbVZE8qObUO5wG3:6JYOqIhP9tmZ0Hcy7y5q7WvbUs3
                                                                                                                                                                              MD5:2786F736B7A2022A9117FA8CDDF7269B
                                                                                                                                                                              SHA1:FEEFBA3044896EABE63545DF3FC50056C7663002
                                                                                                                                                                              SHA-256:C92E8E901C8FF0B2384840200D2A22A9FD357F6A3D8784E5DA6F93CD863D3CAD
                                                                                                                                                                              SHA-512:F9160AD0D4B429250BD7B0701CEAB4E7AAA643BB478309B7F684C12BA6EC3FB6F9F50141A347302314923929D74E9F5C1A6F2672F0056B0801215CDD64A030EB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: BM&$......6...(...2......... ........................................................................................._..<..&.r...Z...I.x...............................................v....}...u.Z..........................................................................................................3.|.%....O..L...U...`...k...u..j.{.....................................S..9...)....|...y...|................................................................................................m...H.j..B...9...F...R...]...h...q...{.....................................m...Z...F...4...%.....}...x...s...u.......................................................................................,R7.."...5...A...M...X...d...q...c...M..RK/.T7$.B...<...=...>...B ..|...........l...T...?.../.....~...z...w...s...m.?.............................................................................."6'..".......:...F...S...Z...L..1...;...=...@...C...E...G...H...J"......................h...O...;...).....
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\ioSpecial.ini
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3954
                                                                                                                                                                              Entropy (8bit):5.285203416378771
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:5OIcUvOIFImnIUI8TeliNQJcJiNQqiNQEzcAiNQTzcAiNQS:5zzykNJwN0NX49No49N9
                                                                                                                                                                              MD5:B195A23874C504DE337CB2AFFF67CA5B
                                                                                                                                                                              SHA1:D6830831ED6AE087CFCEBDBEEFB17871237F49AC
                                                                                                                                                                              SHA-256:B200FBF04B8BB0411ABD5B8342019C1805C053EE13B227CAFCF7DC75AC05F6EA
                                                                                                                                                                              SHA-512:F86DF8D92189871F52A33B0E10AA163F763606EF0A765C37DFFF5E6065E0584143E10D8FB7E852C65EFA9EC51381539C2D07AD074AAAE94146EBF04B9210816D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: [Settings]..Rect=1044..NumFields=3..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..[Field 2]..Type=label..Left=120..Right=315..Top=10..[Field 3]..Type=label..Left=120..Right=315RTL=0..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..[Field 2]..Type=label..Left=120..Right=315..Top=10..[Field 3]..Type=label..Left=120..Right=315..Text=C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\modern-wizard.bmp..[Field 2]..Type=label..Left=120..Right=315..Top=10..[Field 3]..Type=label..Left=120..Right=315..3NextButtonText=..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\modern-wizard.bmp..[Field 2]..Type=label..Left=120..Right=315..Top=10..[Field 3]..Type=label..Left=120..Right=315..CancelEnabled=..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\modern-wizard.bmp..[Field
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\modern-wizard.bmp
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26494
                                                                                                                                                                              Entropy (8bit):1.9568109962493656
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                                                              MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                              SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                              SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                              SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
                                                                                                                                                                              C:\Users\user\AppData\Roaming\Babylon\log_file.txt
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2666
                                                                                                                                                                              Entropy (8bit):5.5802537276799
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:XVLPvxOorowMBUWr+ttGIBXV6b8xTmxvnFDlTGvtGu+V6b8xTsLmH:FLvRoDSWr+TsbQmxvnFpTs75bQN
                                                                                                                                                                              MD5:E27E4AEF46CC02E214F025726E8C4524
                                                                                                                                                                              SHA1:FD7ADC310ADBC1461FB708D5B82D006240958A93
                                                                                                                                                                              SHA-256:26323755C0079746A0A5D31893B626AA8651F6391BC93FB8BB9349374FFBAD76
                                                                                                                                                                              SHA-512:49C27362C6F101DE4937ED2DB0AA2C30A37C4965CC5D3F1CB28CBD803F5C1F288B8041E47B9E0B221D660223280926BF018487883A12885B9CEFB8A607EEB40E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: ...----------- 30/09/21 - running v9.1.1.10 on 585948 (user:user) -----------.. Windows Path: C:\Windows..09:16:53 (Setup)-Command line: -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt...09:16:53 (Client)-LM file is C:\ProgramData\Babylon\BabAll.dat...09:16:53 (Client)-LM imported to file...09:16:54 (Client)-LM file access denied...09:16:55 (Setup)-UI lang: 0, src: 4...09:16:55 (Setup)-SourceDir: C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\...09:16:55 (Setup)-InstallDir: C:\Program Files (x86)\Babylon\Babylon-Pro\...09:16:55 (Setup)-SilentInstall: 1...09:16:55 (Setup)-MinRequirements: 0...09:16:55 (Setup)-IsUpgrade: 0...09:16:55 (Setup)-TBInstallState: 4...09:16:55 (Setup)-SetupType: 50...09:16:55 (Setup)-SetupFlags: 42...09:16:55 (Setup)-PrevVersion: 0...09:16:55 (Setup)-TBInstall: 1...09:16:55 (Setup)-Report: http://stat.info-stream.net/report.php?no_policy=1&lang=0&source=setup-star
                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Mar 31 20:28:36 2011, mtime=Thu Sep 30 06:17:03 2021, atime=Thu Mar 31 20:28:36 2011, length=1689, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):877
                                                                                                                                                                              Entropy (8bit):4.551649422835096
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:8mPcXYXzhLljlcdpF4yazRDy3Y+KqWMYjAOJSmbdpMxqtbdpMx829LntBm:8mPzMdogI1qWM8AOYCd+8d+qoJBm
                                                                                                                                                                              MD5:7E682670BB18449A89BED3DF26ADCB03
                                                                                                                                                                              SHA1:19B9C31D3C04A71D2674F5AF66C482038A2C0A31
                                                                                                                                                                              SHA-256:9DA029104EF26DC493D705C442811437303681D3E29FC8208789F56A1C8F3059
                                                                                                                                                                              SHA-512:AC19C81AAAC17CEB91B12B8D7D1F69EBFD6334F808618C9516CBD77BBC9150EC4BD4813D87F33991F15B917B5ADABEC718973DCAB39FFC5B3124907775A59C01
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: L..................F.... ....ZJ.}......*....ZJ.}...........................u....P.O. .:i.....+00.../C:\.....................1.....>Q.;..PROGRA~1..t......L.>S.:....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....>S":..Unlocker..B......>S":>S":....J.....................B)..U.n.l.o.c.k.e.r.....`.2......>.. .README.TXT..F......>..>S":....E.........................R.E.A.D.M.E...T.X.T.......S...............-.......R..............3.....C:\Program Files\Unlocker\README.TXT..<.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.\.R.E.A.D.M.E...T.X.T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.`.......X.......585948...........!a..%.H.VZAj...{................!a..%.H.VZAj...{...............E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Jan 9 23:32:34 2013, mtime=Thu Sep 30 06:17:03 2021, atime=Wed Jan 9 23:32:34 2013, length=124928, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):889
                                                                                                                                                                              Entropy (8bit):4.468632788740757
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:8mCLkBYXjZ1hdKWbdpF4yazGuPe93IjEjA0J2bdpMxAxQbdpMx829LV3Bm:8mCX5doKMe9YUA08d+iid+qo1Bm
                                                                                                                                                                              MD5:B2186237F4896041C48CA59CA4EA7B3D
                                                                                                                                                                              SHA1:07CAB8E5AC8AA4783E7DC2DCAB777B80BD071FF6
                                                                                                                                                                              SHA-256:1926431724048EB8E7D2220578EC3833E2BF02FB38FC6F2CC1891034B8F90F72
                                                                                                                                                                              SHA-512:DDAC4AC5580EEF38AB3BD5D48D40BDA6A7F5F335C6C1C6E8BB43D4A5C8D90CE4BFAF59B67812C0B945726F33778E40ED5F8A6CE6CCAED23E62FD4C6B1448020E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: L..................F.... ....}.........*....}..............................{....P.O. .:i.....+00.../C:\.....................1.....>S":..PROGRA~1..t......L.>S":....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....>S":..Unlocker..B......>S":>S":....J........................U.n.l.o.c.k.e.r.....f.2.....*B.. .Unlocker.exe..J......*B..>S":.............................U.n.l.o.c.k.e.r...e.x.e.......U...............-.......T..............3.....C:\Program Files\Unlocker\Unlocker.exe..>.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.\.U.n.l.o.c.k.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.`.......X.......585948...........!a..%.H.VZAj....................!a..%.H.VZAj...................E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):593
                                                                                                                                                                              Entropy (8bit):2.7913299530091704
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:4xtCl0TMl//A9LY/dlrtmlXP/lGMy0fK1KRSAtSbdlrMrl6HRSAVlubdlrMrlF:8wl0TkXXdpsFFK4qbdpMxEsbdpMxF
                                                                                                                                                                              MD5:2D83A59CB7C11AA6B7801CEF69A0B189
                                                                                                                                                                              SHA1:D1CE98D8A3B9CDA21A97A4B9641E9E29C645C458
                                                                                                                                                                              SHA-256:130A70D4025BE067A40B01F45C996A915E78CAF01CA0AA08BF56DD13F718252E
                                                                                                                                                                              SHA-512:DD758D1D281C4FB8D96480A1FE90723C940497170E215589ED50B7B8D3DB1610F313D5696C629CC0DEFE8BB403CD4D49F5BF458152FCFE9AE25430C3A9BE2BAC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: L..................F........................................................Q....P.O. .:i.....+00.../C:\...................h.1...........Program Files.L............................................P.r.o.g.r.a.m. .F.i.l.e.s.....Z.1...........Unlocker..B............................................U.n.l.o.c.k.e.r.....`.2...........uninst.exe..F............................................u.n.i.n.s.t...e.x.e.......<.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.\.u.n.i.n.s.t...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.....
                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk
                                                                                                                                                                              Process:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Sep 30 06:17:05 2021, mtime=Thu Sep 30 06:17:05 2021, atime=Thu Sep 30 06:17:05 2021, length=56, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):889
                                                                                                                                                                              Entropy (8bit):4.482752115394818
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:8mq6363dtcBYXjZ1hdKWbdpF4yazquvLNwBjEjA0J8SbdpMxAxrbdpMx829LY6Bm:8mq636375domeR6UA0Fd+iBd+qoFBm
                                                                                                                                                                              MD5:D37A354408068CADBC10F2B7BFE97641
                                                                                                                                                                              SHA1:BF6F3D2896B4752EA1F0EF89F529DF7ADCEF0245
                                                                                                                                                                              SHA-256:60F463DD840CD74E4752D8BF7AA35AA4A3D5590801080F0EE3FD7044AE88A559
                                                                                                                                                                              SHA-512:800DBFFA6334B076A1B2A9889F1E1B054E2AE81E497ED8EB7148218EC20424ACEA3A4024E0CE9DEC27446956EAD27156E17BC21B8259242A0716CDDE5C78D0D1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview: L..................F.... ...1..+...1..+...1..+...8.......................{....P.O. .:i.....+00.../C:\.....................1.....>S":..PROGRA~1..t......L.>S":....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....>S":..Unlocker..B......>S":>S":....J.......................f.U.n.l.o.c.k.e.r.....f.2.8...>S#: .Unlocker.url..J......>S#:>S#:............................U.n.l.o.c.k.e.r...u.r.l.......U...............-.......T..............3.....C:\Program Files\Unlocker\Unlocker.url..>.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.\.U.n.l.o.c.k.e.r...u.r.l...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.U.n.l.o.c.k.e.r.`.......X.......585948...........!a..%.H.VZAj....................!a..%.H.VZAj...................E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

                                                                                                                                                                              Static File Info

                                                                                                                                                                              General

                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                              Entropy (8bit):7.958432599476033
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                                                                              • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                              File name:Unlocker1.9.2.exe
                                                                                                                                                                              File size:1078591
                                                                                                                                                                              MD5:1e02d6aa4a199448719113ae3926afb2
                                                                                                                                                                              SHA1:f1eff6451ced129c0e5c0a510955f234a01158a0
                                                                                                                                                                              SHA256:fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397
                                                                                                                                                                              SHA512:7d0f1416beb8c141ee992fe594111042309690c00741dff8f9f31b4652ed6a96b57532780e3169391440076d7ace63966fab526a076adcdc7f7ab389b4d0ff98
                                                                                                                                                                              SSDEEP:24576:eLMeYSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXE7ZBlbT:+PbVvwqQpoLHontDrlbT
                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z.........

                                                                                                                                                                              File Icon

                                                                                                                                                                              Icon Hash:a2a0b496b2caca72

                                                                                                                                                                              Static PE Info

                                                                                                                                                                              General

                                                                                                                                                                              Entrypoint:0x4030cb
                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x4B1AE3C1 [Sat Dec 5 22:50:41 2009 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                              File Version Major:4
                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                              Import Hash:7fa974366048f9c551ef45714595665e

                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                              Instruction
                                                                                                                                                                              sub esp, 00000180h
                                                                                                                                                                              push ebx
                                                                                                                                                                              push ebp
                                                                                                                                                                              push esi
                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                              push edi
                                                                                                                                                                              mov dword ptr [esp+18h], ebx
                                                                                                                                                                              mov dword ptr [esp+10h], 00409160h
                                                                                                                                                                              xor esi, esi
                                                                                                                                                                              mov byte ptr [esp+14h], 00000020h
                                                                                                                                                                              call dword ptr [00407030h]
                                                                                                                                                                              push 00008001h
                                                                                                                                                                              call dword ptr [004070B0h]
                                                                                                                                                                              push ebx
                                                                                                                                                                              call dword ptr [0040727Ch]
                                                                                                                                                                              push 00000008h
                                                                                                                                                                              mov dword ptr [00423F38h], eax
                                                                                                                                                                              call 00007F86D47AE516h
                                                                                                                                                                              mov dword ptr [00423E84h], eax
                                                                                                                                                                              push ebx
                                                                                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                                                                                              push 00000160h
                                                                                                                                                                              push eax
                                                                                                                                                                              push ebx
                                                                                                                                                                              push 0041F430h
                                                                                                                                                                              call dword ptr [00407158h]
                                                                                                                                                                              push 00409154h
                                                                                                                                                                              push 00423680h
                                                                                                                                                                              call 00007F86D47AE1C9h
                                                                                                                                                                              call dword ptr [004070ACh]
                                                                                                                                                                              mov edi, 00429000h
                                                                                                                                                                              push eax
                                                                                                                                                                              push edi
                                                                                                                                                                              call 00007F86D47AE1B7h
                                                                                                                                                                              push ebx
                                                                                                                                                                              call dword ptr [0040710Ch]
                                                                                                                                                                              cmp byte ptr [00429000h], 00000022h
                                                                                                                                                                              mov dword ptr [00423E80h], eax
                                                                                                                                                                              mov eax, edi
                                                                                                                                                                              jne 00007F86D47AB92Ch
                                                                                                                                                                              mov byte ptr [esp+14h], 00000022h
                                                                                                                                                                              mov eax, 00429001h
                                                                                                                                                                              push dword ptr [esp+14h]
                                                                                                                                                                              push eax
                                                                                                                                                                              call 00007F86D47ADCAAh
                                                                                                                                                                              push eax
                                                                                                                                                                              call dword ptr [0040721Ch]
                                                                                                                                                                              mov dword ptr [esp+1Ch], eax
                                                                                                                                                                              jmp 00007F86D47AB985h
                                                                                                                                                                              cmp cl, 00000020h
                                                                                                                                                                              jne 00007F86D47AB928h
                                                                                                                                                                              inc eax
                                                                                                                                                                              cmp byte ptr [eax], 00000020h
                                                                                                                                                                              je 00007F86D47AB91Ch
                                                                                                                                                                              cmp byte ptr [eax], 00000022h
                                                                                                                                                                              mov byte ptr [eax+eax+00h], 00000000h

                                                                                                                                                                              Rich Headers

                                                                                                                                                                              Programming Language:
                                                                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                                                              Data Directories

                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2e0000x5868.rsrc
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                              Sections

                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                              .text0x10000x58d20x5a00False0.665234375data6.43310034828IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .rdata0x70000x11900x1200False0.4453125data5.17976375781IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .data0x90000x1af780x400False0.55078125data4.6178023207IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .ndata0x240000xa0000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .rsrc0x2e0000x58680x5a00False0.151085069444data3.41726660611IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                              Resources

                                                                                                                                                                              NameRVASizeTypeLanguageCountry
                                                                                                                                                                              RT_BITMAP0x2ea780x666dataEnglishUnited States
                                                                                                                                                                              RT_ICON0x2f0e00x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 10526884, next used block 8421504EnglishUnited States
                                                                                                                                                                              RT_ICON0x2f9880x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x2fef00xb4dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x2ffa80x120dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x300c80x118dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x301e00x202dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x303e80xf8dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x304e00xeedataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x305d00xb4dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x306880x120dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x307a80x118dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x308c00x202dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x30ac80xf8dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x30bc00xeedataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x30cb00xb4dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x30d680x120dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x30e880x118dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x30fa00x202dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x311a80xf8dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x312a00xeedataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x313900xb4dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x314480x120dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x315680x118dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x316800x202dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x318880xf8dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x319800xeedataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x31a700xacdataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x31b200x118dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x31c380x110dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x31d480x1fadataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x31f480xf0dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x320380xe6dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x321200xa0dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x321c00x10cdataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x322d00x104dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x323d80x1eedataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x325c80xe4dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x326b00xdadataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x327900xa0dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x328300x10cdataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x329400x104dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x32a480x1eedataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x32c380xe4dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x32d200xdadataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x32e000xa4dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x32ea80x110dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x32fb80x108dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x330c00x1f2dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x332b80xe8dataEnglishUnited States
                                                                                                                                                                              RT_DIALOG0x333a00xdedataEnglishUnited States
                                                                                                                                                                              RT_GROUP_ICON0x334800x22dataEnglishUnited States
                                                                                                                                                                              RT_MANIFEST0x334a80x3beXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                                                                              Imports

                                                                                                                                                                              DLLImport
                                                                                                                                                                              KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
                                                                                                                                                                              USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                                                                                              GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                                                                                              SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                                                                                              ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                                                                                              COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                                                              ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                                                              VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                                                                                              Possible Origin

                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                              EnglishUnited States

                                                                                                                                                                              Network Behavior

                                                                                                                                                                              Snort IDS Alerts

                                                                                                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                              09/30/21-09:16:57.412698TCP2925INFO web bug 0x0 gif attempt8049754184.154.27.232192.168.2.4
                                                                                                                                                                              09/30/21-09:16:59.433735TCP2925INFO web bug 0x0 gif attempt8049757184.154.27.232192.168.2.4

                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                              TCP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Sep 30, 2021 09:16:57.171772957 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.257755041 CEST4975580192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.290647984 CEST8049754184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.290812969 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.293144941 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.376660109 CEST8049755184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.376775980 CEST4975580192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.411360025 CEST8049754184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.412698030 CEST8049754184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.412724018 CEST8049754184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.412823915 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.412961006 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.412983894 CEST4975580192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.531404972 CEST8049755184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.532994986 CEST8049755184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.533035994 CEST8049755184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.533094883 CEST4975580192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.533129930 CEST4975580192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:57.717871904 CEST4975680192.168.2.4198.143.175.67
                                                                                                                                                                              Sep 30, 2021 09:16:57.883183002 CEST8049756198.143.175.67192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.883868933 CEST4975680192.168.2.4198.143.175.67
                                                                                                                                                                              Sep 30, 2021 09:16:57.891450882 CEST4975680192.168.2.4198.143.175.67
                                                                                                                                                                              Sep 30, 2021 09:16:58.057307005 CEST8049756198.143.175.67192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:58.057344913 CEST8049756198.143.175.67192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:58.057369947 CEST8049756198.143.175.67192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:58.057393074 CEST8049756198.143.175.67192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:58.057409048 CEST8049756198.143.175.67192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:58.057465076 CEST4975680192.168.2.4198.143.175.67
                                                                                                                                                                              Sep 30, 2021 09:16:58.057503939 CEST4975680192.168.2.4198.143.175.67
                                                                                                                                                                              Sep 30, 2021 09:16:58.411297083 CEST8049754184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:58.411464930 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:58.522130966 CEST8049755184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:58.522257090 CEST4975580192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.189913034 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.189980984 CEST4975480192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.193228006 CEST4975780192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.312660933 CEST8049757184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:59.312927961 CEST4975780192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.313699007 CEST4975780192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.432476044 CEST8049757184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:59.433734894 CEST8049757184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:59.433768034 CEST8049757184.154.27.232192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:59.433936119 CEST4975780192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.437731981 CEST4975780192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.546945095 CEST4975780192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:16:59.546993017 CEST4975780192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:17:02.132072926 CEST4975580192.168.2.4184.154.27.232
                                                                                                                                                                              Sep 30, 2021 09:17:02.132123947 CEST4975680192.168.2.4198.143.175.67

                                                                                                                                                                              UDP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Sep 30, 2021 09:16:29.988225937 CEST5453153192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:16:30.017988920 CEST53545318.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.137080908 CEST4971453192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:16:57.156394958 CEST53497148.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.201644897 CEST5802853192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:16:57.254693031 CEST53580288.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:16:57.567873955 CEST5309753192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:16:57.714998960 CEST53530978.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:02.740612984 CEST4925753192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:02.775854111 CEST53492578.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:23.403990984 CEST6238953192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:23.427897930 CEST53623898.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:23.990320921 CEST4991053192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:24.010986090 CEST53499108.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:24.483925104 CEST5585453192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:24.538614988 CEST53558548.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:24.938654900 CEST6454953192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:24.942924976 CEST6315353192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:24.958466053 CEST53645498.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:24.977648973 CEST53631538.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:25.475150108 CEST5299153192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:25.495186090 CEST53529918.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:26.029423952 CEST5370053192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:26.049119949 CEST53537008.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:26.606257915 CEST5172653192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:26.624227047 CEST53517268.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:27.785625935 CEST5679453192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:27.805111885 CEST53567948.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:30.208062887 CEST5653453192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:30.249942064 CEST53565348.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:30.600656033 CEST5662753192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:30.622221947 CEST53566278.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:17:40.456280947 CEST5662153192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:17:40.478071928 CEST53566218.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:18:11.529344082 CEST6311653192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:18:11.556926966 CEST53631168.8.8.8192.168.2.4
                                                                                                                                                                              Sep 30, 2021 09:18:13.294905901 CEST6407853192.168.2.48.8.8.8
                                                                                                                                                                              Sep 30, 2021 09:18:13.328147888 CEST53640788.8.8.8192.168.2.4

                                                                                                                                                                              DNS Queries

                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                              Sep 30, 2021 09:16:57.137080908 CEST192.168.2.48.8.8.80x2539Standard query (0)stat.info-stream.netA (IP address)IN (0x0001)
                                                                                                                                                                              Sep 30, 2021 09:16:57.201644897 CEST192.168.2.48.8.8.80x686fStandard query (0)stp.babylon.comA (IP address)IN (0x0001)
                                                                                                                                                                              Sep 30, 2021 09:16:57.567873955 CEST192.168.2.48.8.8.80x7900Standard query (0)dl.babylon.comA (IP address)IN (0x0001)

                                                                                                                                                                              DNS Answers

                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                              Sep 30, 2021 09:16:57.156394958 CEST8.8.8.8192.168.2.40x2539No error (0)stat.info-stream.netstat.babylon-services.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                              Sep 30, 2021 09:16:57.156394958 CEST8.8.8.8192.168.2.40x2539No error (0)stat.babylon-services.com184.154.27.232A (IP address)IN (0x0001)
                                                                                                                                                                              Sep 30, 2021 09:16:57.254693031 CEST8.8.8.8192.168.2.40x686fNo error (0)stp.babylon.comstp.babylon-services.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                              Sep 30, 2021 09:16:57.254693031 CEST8.8.8.8192.168.2.40x686fNo error (0)stp.babylon-services.com184.154.27.232A (IP address)IN (0x0001)
                                                                                                                                                                              Sep 30, 2021 09:16:57.714998960 CEST8.8.8.8192.168.2.40x7900No error (0)dl.babylon.comdl.babylon-services.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                              Sep 30, 2021 09:16:57.714998960 CEST8.8.8.8192.168.2.40x7900No error (0)dl.babylon-services.com198.143.175.67A (IP address)IN (0x0001)

                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                              • stat.info-stream.net
                                                                                                                                                                              • stp.babylon.com
                                                                                                                                                                              • dl.babylon.com

                                                                                                                                                                              HTTP Packets

                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                              0192.168.2.449754184.154.27.23280C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                              Sep 30, 2021 09:16:57.293144941 CEST1219OUTGET /report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0 HTTP/1.1
                                                                                                                                                                              User-Agent: Babylon
                                                                                                                                                                              Host: stat.info-stream.net
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Sep 30, 2021 09:16:57.412698030 CEST1220INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 30 Sep 2021 07:16:57 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                              Data Raw: 32 62 0d 0a 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b 0d 0a
                                                                                                                                                                              Data Ascii: 2bGIF89a!,D;
                                                                                                                                                                              Sep 30, 2021 09:16:57.412724018 CEST1220INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                              1192.168.2.449755184.154.27.23280C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                              Sep 30, 2021 09:16:57.412983894 CEST1221OUTGET /downloader.php?ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&lang=en&zpb=1&geo=1 HTTP/1.1
                                                                                                                                                                              User-Agent: Babylon
                                                                                                                                                                              Host: stp.babylon.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Cookie: affilID=122471
                                                                                                                                                                              Sep 30, 2021 09:16:57.532994986 CEST1221INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 30 Sep 2021 07:16:57 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Set-Cookie: affilID=deleted; expires=Wed, 30-Sep-2020 07:16:56 GMT; path=/; domain=.babylon.com
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Keep-Alive: timeout=1, max=100
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Raw: 31 31 32 0d 0a 21 2d 74 72 6b 49 6e 66 6f 3d 5b 54 54 79 70 65 3a 35 30 31 32 5f 37 5d 3b 23 44 51 30 42 57 51 46 64 34 6e 47 4e 69 59 47 5a 69 59 47 45 46 59 6a 59 67 4e 67 46 69 46 69 59 47 5a 6b 59 48 5a 26 33 69 6b 68 51 33 74 77 6a 50 76 4f 4b 53 48 41 58 39 6e 4c 78 30 32 32 67 66 52 7a 26 33 57 41 58 39 78 4c 53 63 45 74 75 6b 78 4b 54 69 34 68 49 46 26 64 4b 38 54 4b 43 4b 78 4a 77 63 78 35 77 63 42 67 45 77 69 4a 32 72 75 78 4d 41 30 50 63 56 4c 51 3b 23 44 51 79 45 67 65 4a 78 6a 59 6d 42 6d 59 6d 42 68 42 57 49 32 49 44 59 43 59 69 35 47 56 73 59 47 41 52 42 34 31 76 5a 38 49 67 41 57 35 51 51 67 3b 24 68 74 74 70 3a 2f 2f 64 6c 2e 62 61 62 79 6c 6f 6e 2e 63 6f 6d 2f 73 69 74 65 2f 66 69 6c 65 73 2f 53 65 74 75 70 39 2f 64 77 72 2f 6c 61 74 65 73 74 2f 6c 61 74 65 73 74 5f 62 6c 2f 53 65 74 75 70 32 2e 7a 70 62 3b 0d 0a
                                                                                                                                                                              Data Ascii: 112!-trkInfo=[TType:5012_7];#DQ0BWQFd4nGNiYGZiYGEFYjYgNgFiFiYGZkYHZ&3ikhQ3twjPvOKSHAX9nLx022gfRz&3WAX9xLScEtukxKTi4hIF&dK8TKCKxJwcx5wcBgEwiJ2ruxMA0PcVLQ;#DQyEgeJxjYmBmYmBhBWI2IDYCYi5GVsYGARB41vZ8IgAW5QQg;$http://dl.babylon.com/site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb;
                                                                                                                                                                              Sep 30, 2021 09:16:57.533035994 CEST1221INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                              2192.168.2.449756198.143.175.6780C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                              Sep 30, 2021 09:16:57.891450882 CEST1222OUTGET /site/files/Setup9/dwr/latest/latest_bl/Setup2.zpb HTTP/1.1
                                                                                                                                                                              User-Agent: Babylon
                                                                                                                                                                              Host: dl.babylon.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Sep 30, 2021 09:16:58.057344913 CEST1224INHTTP/1.1 200 OK
                                                                                                                                                                              Server: nginx/1.13.4
                                                                                                                                                                              Date: Thu, 30 Sep 2021 07:16:57 GMT
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              Content-Length: 3844
                                                                                                                                                                              Last-Modified: Wed, 01 Oct 2014 12:08:35 GMT
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Keep-Alive: timeout=15
                                                                                                                                                                              ETag: "542beec3-f04"
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Data Raw: 91 78 12 11 03 00 00 00 01 5d 00 00 00 04 4c 22 00 00 00 00 00 00 00 00 80 3d bb 9b c1 4f c3 f3 d8 6b eb 99 b2 83 23 80 b4 0c 2d 58 69 3b 17 29 aa 73 5f b3 21 11 45 70 37 dc 51 50 92 10 3a 2c 44 82 14 5a e9 7a 4b 19 8d 5e c0 32 d8 f5 40 0b 9f 77 e7 42 46 99 52 41 2d e5 45 85 28 75 dc 6f b4 7d d7 ff 5a 1b 88 4b 56 83 e1 55 f1 da 9b 72 8d fa 25 5a 9b 93 dc 90 97 79 ef 32 47 67 e8 d3 be 56 5e b0 ca f6 a3 5e 95 b8 48 9d c1 65 d4 f6 0e 41 be ca 89 8a bf c0 70 af db ba ef 3b 48 39 8d fe 51 27 61 55 33 ba 90 6d 2f 84 83 27 11 80 27 b7 42 79 94 e3 49 c2 f7 cf dc 99 a2 41 cb b1 7c 11 ca f9 3d de 68 c1 00 42 27 2d f7 f5 90 3e a4 9f a7 93 11 1e 0a a1 f7 28 05 c6 63 b5 e8 b3 9e 8a 35 b1 13 3f d8 85 04 db 7d 12 e6 a7 db 71 9f e5 53 f1 56 4e 8c 1d 4a 75 bb a9 cb 76 b0 8b 5a b0 88 86 07 f1 5d 8d da 66 fd a7 a8 5c 4f 5d 91 58 e7 15 06 c9 50 3b 2b 5e 0c 96 55 ce 33 ca 1f d2 74 38 46 8e 22 a3 0a 64 0c 5f dd f5 98 e3 fc 05 a5 e7 41 d9 d1 b3 5b 9a 54 59 0e cd 2c 87 4f a6 dd a4 08 00 ed 34 41 8a 96 7a bc 8b 8e 41 e4 5a cf e5 62 31 81 b1 58 72 a7 52 1a d3 21 7a 5c fc e5 bb 44 ec a1 bf c5 76 c6 be 29 f5 59 bd a0 4a 44 81 04 d4 cb 47 92 c7 75 5e bc 0c 25 b3 4e 3c b7 e0 5a 47 28 0c 14 5c 44 b2 ec 4a ce 26 91 ea de e8 4c 5b de d1 cf ec 06 20 f0 e4 b4 f2 85 90 2f fb df 84 61 e7 7a b3 20 7d fc 9f 61 fe e4 8d 72 73 29 6c 0b da 00 2d 5e 5e e2 c6 9d cd fd e7 e3 ff 1a da e2 10 7b 8f bd 6c 92 de 04 76 f1 ab 26 c2 c0 a8 35 07 29 11 1c 9f 46 3f 9f d1 52 17 79 53 16 74 92 fe f6 3d 7e 49 46 1d d9 21 ae 22 97 5b 60 a4 34 56 93 b9 a3 35 fa f2 a1 6b 49 5a 45 94 b5 f0 f7 71 4d 98 0a 23 b7 a9 81 31 04 f4 b2 71 57 05 7e b3 9d 9a df f8 3b f3 9e 4b 1d 05 cc a4 bd 77 c7 5e 1b ae 89 d4 7b c4 ee 73 db 25 c6 55 7c 0d c0 ed 82 d6 6e 73 98 2f 39 e1 d7 25 1d 88 78 3e 43 59 c4 85 a1 db 56 b9 6b 91 a1 0e 0f e4 39 79 ea 98 e8 b3 25 fb 78 8e 4b 41 5d e2 54 ba 54 cc e2 e7 b4 b8 d9 99 35 b8 3b b1 eb 7b 22 a3 42 9e db 4d 32 ff 8f f2 ea ad f9 33 98 8a c6 ac 32 b2 71 a4 fe 57 55 7d 03 8d ed a1 da 32 99 bc 7d 68 79 6f b7 35 f2 91 3c 33 f6 0d 8c b0 e6 34 41 61 f3 5b c7 cc 89 48 fb 60 ac 7d a5 04 8d 6f f0 8c af ca 95 8d 5a 75 c6 f1 aa 5b 27 a7 bb d3 6a 02 10 5c 42 7b a6 37 48 ae d5 5c fb 2a 75 ad e9 f3 f6 b2 33 28 cd c4 60 d0 b5 e0 62 db c8 0a 65 52 55 90 ce b2 2c cb 4b 3d 6e 4d 90 8c 64 78 84 68 9b d5 6f 17 24 a6 e3 05 54 56 c5 6b 31 d0 66 e1 85 a3 f7 33 c2 8b de f1 bd f2 9c 82 92 3f ce 74 bf ee fc a8 a2 71 81 09 c9 54 47 15 71 8d 87 61 db b8 70 fd 7f 0f 9f 1e a9 57 c3 e3 3f 0f 22 75 5d a4 40 4c b4 44 00 50 82 ef 6b 59 e0 05 8e b4 e9 5e 3c b0 09 60 d3 b2 c5 58 61 71 7e f1 11 52 f1 4e bf 9e 41 2a ae 7b 77 ec ad 93 3d f2 36 08 98 3c f6 b5 ab 58 6f 27 2e 68 63 9d 4f 6b 0c 95 c2 f9 1f fe 2a d5 21 7d e3 c6 35 86 cb 79 00 65 9d 5f 17 db c3 ef 29 61 4d 98 00 f1 63 f4 6a d6 26 4d ef 1e b6 3c 22 06 c9 4d 4c c6 2e 78 10 02 80 d2 ba 4f 94 90 99 a9 6d 1b 45 b5 3d a3 05 57 0c 78 78 9e 4a ee 53 2a 5b 4f 52 cc f6 56 b7 a1 82 9f a6 d9 13 7f 5c d8 ae e3 d4 33 ff 41 a0 43 4b a3 e1 a4 41 59 01 01 58 5a 13 63 9a 1e a4 6d ad d1 2b b5 62 d4 5e 0b af 5b 50 60 3b aa 41 8d 42 e3 51 fd 8a 3c 26 e3 8f 64 f9 fc c9 cb e1 26 f0 ad 66 d1 73 28 2b 46 f2 d8 e0 85 13 57 8a 3c 62 c4 af 6b 96 c0 20 24 25 03 80 59 e8 8f
                                                                                                                                                                              Data Ascii: x]L"=Ok#-Xi;)s_!Ep7QP:,DZzK^2@wBFRA-E(uo}ZKVUr%Zy2GgV^^HeAp;H9Q'aU3m/''ByIA|=hB'->(c5?}qSVNJuvZ]f\O]XP;+^U3t8F"d_A[TY,O4AzAZb1XrR!z\Dv)YJDGu^%N<ZG(\DJ&L[ /az }ars)l-^^{lv&5)F?RySt=~IF!"[`4V5kIZEqM#1qW~;Kw^{s%U|ns/9%x>CYVk9y%xKA]TT5;{"BM232qWU}2}hyo5<34Aa[H`}oZu['j\B{7H\*u3(`beRU,K=nMdxho$TVk1f3?tqTGqapW?"u]@LDPkY^<`Xaq~RNA*{w=6<Xo'.hcOk*!}5ye_)aMcj&M<"ML.xOmE=WxxJS*[ORV\3ACKAYXZcm+b^[P`;ABQ<&d&fs(+FW<bk $%Y
                                                                                                                                                                              Sep 30, 2021 09:16:58.057369947 CEST1225INData Raw: 0a c2 7a 29 5e 61 49 9c 5f a2 4e ab b5 97 ea 79 71 06 3d 35 94 9c c4 81 ac 53 a1 f7 2e 9a 90 2d d4 bc 84 7a 88 ca bd fe 8f dc 74 1a 8b 3f 15 30 6e 7d ae 01 e1 d4 3e fd a2 c6 f9 25 d3 be 04 30 c0 40 80 f0 01 51 97 71 5b 5a b3 1f dc 9c 85 d8 c3 7e
                                                                                                                                                                              Data Ascii: z)^aI_Nyq=5S.-zt?0n}>%0@Qq[Z~Sf4ik2FB1rDLjyU(+AMU8mIM~d/BN22!+r}r )IowwZ)IHO`|0qUIYAg~'>xa;dT-
                                                                                                                                                                              Sep 30, 2021 09:16:58.057393074 CEST1226INData Raw: 2d d0 c1 b8 14 8f ee dc bb 41 da f5 ea 8c 38 6c 32 4a d4 76 cf a4 1c ff bf 93 12 0c 66 4e 99 7e 82 5c 3a 67 83 81 c1 bd 29 8b 23 5b b1 17 31 20 dc a4 11 a6 80 f9 41 09 c6 09 05 c2 0f 04 17 ec cd d9 f9 cc 65 11 7e 86 fb 80 87 5f 8d da 1b a2 db 33
                                                                                                                                                                              Data Ascii: -A8l2JvfN~\:g)#[1 Ae~_366|dSpNh2rK?T,M?"j{sA!> />o3[PU3oM>Tb\:o0:M/6~B&^ $*NiV&`jwZl/ZAC'uQf
                                                                                                                                                                              Sep 30, 2021 09:16:58.057409048 CEST1226INData Raw: 30 44 23 63 6b e1 7d 62 63 de d0 19 b0 87 92 ab 52 71 93 5a 7d eb aa e9 2c b0 e7 f6 ec 3b b0 5c f7 8b 96 e8 5f b9 77 85 b3 89 a2 31 f5 66 fb 69 dc ff b9 ce 67 fa 16 7f f1 21 5a ea 10 e4 01 d1 8c c3 22 9a 7c 85 59 30 12 dc f9 de b1 b4 64 e4 a8 5d
                                                                                                                                                                              Data Ascii: 0D#ck}bcRqZ},;\_w1fig!Z"|Y0d]2_Apqi


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                              3192.168.2.449757184.154.27.23280C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                              Sep 30, 2021 09:16:59.313699007 CEST1228OUTGET /report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.1.1.10&affilID=122471&guid={2D9F6D84-E555-456B-B377-7FC7E00E79CD}&mntrId=33EEECF4BBEA1588&moldid=33ee00e8000000000000ecf4bbea1588&sufn=Unlocker1.9.2.exe&iev=11&ffv=0&crv=85&dwb=cr&dlb=ie&wbr=1&ibprs=NA&ibprv=0&sutp=50&sufl=66&tbp=0&prver=0&minreq=0&dtct=-10000000&wvr=602&avr=V2luZG93cyBEZWZlbmRlcg==&tbtp=def&tbinst=1&w64=1&cntry=US&cat=delta&uac=0&osp=hp0:-1938492880;hp1:0;hp2:0;dsp0:-886302982;dsp1:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&rvrt=0&excd=0&stm=2&nvs=0&dnld=100&dcnt=1&dtot=1&dlerr=200&dltm=0&dlsz=3844&dsflr=0&errurl=Setup2.zpb&hpc=1998245871&spc=1998245871&tbx=0 HTTP/1.1
                                                                                                                                                                              User-Agent: Babylon
                                                                                                                                                                              Host: stat.info-stream.net
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Sep 30, 2021 09:16:59.433734894 CEST1228INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 30 Sep 2021 09:30:20 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                              Data Raw: 32 62 0d 0a 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b 0d 0a
                                                                                                                                                                              Data Ascii: 2bGIF89a!,D;
                                                                                                                                                                              Sep 30, 2021 09:16:59.433768034 CEST1228INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                              Code Manipulations

                                                                                                                                                                              Statistics

                                                                                                                                                                              CPU Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              Memory Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                              Behavior

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              System Behavior

                                                                                                                                                                              Analysis Process: Unlocker1.9.2.exe PID: 7036 Parent PID: 5276

                                                                                                                                                                              General

                                                                                                                                                                              Start time:09:16:34
                                                                                                                                                                              Start date:30/09/2021
                                                                                                                                                                              Path:C:\Users\user\Desktop\Unlocker1.9.2.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:'C:\Users\user\Desktop\Unlocker1.9.2.exe'
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              File size:1078591 bytes
                                                                                                                                                                              MD5 hash:1E02D6AA4A199448719113AE3926AFB2
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low

                                                                                                                                                                              Chronological Activities

                                                                                                                                                                              Analysis Process: DeltaTB.exe PID: 6416 Parent PID: 7036

                                                                                                                                                                              General

                                                                                                                                                                              Start time:09:16:50
                                                                                                                                                                              Start date:30/09/2021
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\DeltaTB.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\DeltaTB.exe' /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
                                                                                                                                                                              Imagebase:0x1e0000
                                                                                                                                                                              File size:785904 bytes
                                                                                                                                                                              MD5 hash:EB2764885565B6C01CB32E5F51F213B3
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 26%, Metadefender, Browse
                                                                                                                                                                              • Detection: 45%, ReversingLabs
                                                                                                                                                                              Reputation:low

                                                                                                                                                                              Chronological Activities

                                                                                                                                                                              Analysis Process: Setup.exe PID: 1836 Parent PID: 6416

                                                                                                                                                                              General

                                                                                                                                                                              Start time:09:16:52
                                                                                                                                                                              Start date:30/09/2021
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Setup.exe' -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              File size:1898992 bytes
                                                                                                                                                                              MD5 hash:26F6D1B6756A83DE9755A05F7C030D75
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low

                                                                                                                                                                              Chronological Activities

                                                                                                                                                                              Analysis Process: rundll32.exe PID: 6464 Parent PID: 1836

                                                                                                                                                                              General

                                                                                                                                                                              Start time:09:16:54
                                                                                                                                                                              Start date:30/09/2021
                                                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:'C:\Windows\SysWOW64\rundll32.exe' C:\Users\user\AppData\Local\Temp\F27BA7~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
                                                                                                                                                                              Imagebase:0x210000
                                                                                                                                                                              File size:61952 bytes
                                                                                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high

                                                                                                                                                                              Chronological Activities

                                                                                                                                                                              Analysis Process: setup.exe PID: 5404 Parent PID: 1836

                                                                                                                                                                              General

                                                                                                                                                                              Start time:09:16:57
                                                                                                                                                                              Start date:30/09/2021
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\setup.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\F27BA7A1-BAB0-7891-9BF2-02DEA2782375\Latest\Setup.exe -latest -trkInfo=[TType:5012_7] -xprm='cat=delta' -expg=none /aflt=babsst /babTrack='affID=122471' /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt
                                                                                                                                                                              Imagebase:0x930000
                                                                                                                                                                              File size:8704 bytes
                                                                                                                                                                              MD5 hash:5790A04F78C61C3CAEA7DDD6F01829D2
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low

                                                                                                                                                                              Chronological Activities

                                                                                                                                                                              Analysis Process: regsvr32.exe PID: 2212 Parent PID: 7036

                                                                                                                                                                              General

                                                                                                                                                                              Start time:09:17:03
                                                                                                                                                                              Start date:30/09/2021
                                                                                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:'C:\Windows\system32\regsvr32.exe' /s 'C:\Program Files\Unlocker\UnlockerCOM.dll'
                                                                                                                                                                              Imagebase:0x10b0000
                                                                                                                                                                              File size:20992 bytes
                                                                                                                                                                              MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high

                                                                                                                                                                              Chronological Activities

                                                                                                                                                                              Analysis Process: regsvr32.exe PID: 5456 Parent PID: 2212

                                                                                                                                                                              General

                                                                                                                                                                              Start time:09:17:03
                                                                                                                                                                              Start date:30/09/2021
                                                                                                                                                                              Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline: /s 'C:\Program Files\Unlocker\UnlockerCOM.dll'
                                                                                                                                                                              Imagebase:0x7ff6e0f10000
                                                                                                                                                                              File size:24064 bytes
                                                                                                                                                                              MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high

                                                                                                                                                                              Chronological Activities

                                                                                                                                                                              Disassembly

                                                                                                                                                                              Code Analysis

                                                                                                                                                                              Reset < >

                                                                                                                                                                                Analysis Process: Unlocker1.9.2.exe PID: 7036 Parent PID: 5276 Unlocker1.9.2.exeCOMMON

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:34.4%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:23.6%
                                                                                                                                                                                Total number of Nodes:1242
                                                                                                                                                                                Total number of Limit Nodes:60

                                                                                                                                                                                Graph

                                                                                                                                                                                execution_graph 3959 401cc1 GetDlgItem GetClientRect 3960 4029f6 18 API calls 3959->3960 3961 401cf1 LoadImageA SendMessageA 3960->3961 3962 40288b 3961->3962 3963 401d0f DeleteObject 3961->3963 3963->3962 3964 401dc1 3965 4029f6 18 API calls 3964->3965 3966 401dc7 3965->3966 3967 4029f6 18 API calls 3966->3967 3968 401dd0 3967->3968 3969 4029f6 18 API calls 3968->3969 3970 401dd9 3969->3970 3971 4029f6 18 API calls 3970->3971 3972 401de2 3971->3972 3973 401423 25 API calls 3972->3973 3974 401de9 ShellExecuteA 3973->3974 3975 401e16 3974->3975 3976 401645 3977 4029f6 18 API calls 3976->3977 3978 40164c 3977->3978 3979 4029f6 18 API calls 3978->3979 3980 401655 3979->3980 3981 4029f6 18 API calls 3980->3981 3982 40165e MoveFileA 3981->3982 3983 401671 3982->3983 3984 40166a 3982->3984 3985 405cd8 2 API calls 3983->3985 3988 402169 3983->3988 3986 401423 25 API calls 3984->3986 3987 401680 3985->3987 3986->3988 3987->3988 3989 40572b 38 API calls 3987->3989 3989->3984 3990 401ec5 3991 4029f6 18 API calls 3990->3991 3992 401ecc GetFileVersionInfoSizeA 3991->3992 3993 401f45 3992->3993 3994 401eef GlobalAlloc 3992->3994 3994->3993 3995 401f03 GetFileVersionInfoA 3994->3995 3995->3993 3996 401f14 VerQueryValueA 3995->3996 3996->3993 3997 401f2d 3996->3997 4001 40593b wsprintfA 3997->4001 3999 401f39 4002 40593b wsprintfA 3999->4002 4001->3999 4002->3993 3027 4046ca GetDlgItem GetDlgItem 3028 40471e 7 API calls 3027->3028 3041 40493b 3027->3041 3029 4047c4 DeleteObject 3028->3029 3030 4047b7 SendMessageA 3028->3030 3031 4047cf 3029->3031 3030->3029 3032 404806 3031->3032 3037 4059ff 18 API calls 3031->3037 3081 403d8f 3032->3081 3033 404a25 3036 404ad4 3033->3036 3044 404cb6 3033->3044 3048 404a7e SendMessageA 3033->3048 3034 404a06 3034->3033 3045 404a17 SendMessageA 3034->3045 3038 404ae9 3036->3038 3039 404add SendMessageA 3036->3039 3040 4047e8 SendMessageA SendMessageA 3037->3040 3050 404b02 3038->3050 3051 404afb ImageList_Destroy 3038->3051 3059 404b12 3038->3059 3039->3038 3040->3031 3041->3033 3041->3034 3042 40499e 3041->3042 3094 40464a SendMessageA 3042->3094 3043 40481a 3047 403d8f 19 API calls 3043->3047 3102 403df6 3044->3102 3045->3033 3064 404828 3047->3064 3048->3044 3053 404a93 SendMessageA 3048->3053 3055 404b0b GlobalFree 3050->3055 3050->3059 3051->3050 3052 404c78 3052->3044 3060 404c8a ShowWindow GetDlgItem ShowWindow 3052->3060 3057 404aa6 3053->3057 3055->3059 3056 4048fc GetWindowLongA SetWindowLongA 3058 404915 3056->3058 3070 404ab7 SendMessageA 3057->3070 3061 404933 3058->3061 3062 40491b ShowWindow 3058->3062 3059->3052 3075 404b44 3059->3075 3099 40140b 3059->3099 3060->3044 3093 403dc4 SendMessageA 3061->3093 3092 403dc4 SendMessageA 3062->3092 3063 4049af 3063->3034 3064->3056 3067 404877 SendMessageA 3064->3067 3071 4048f6 3064->3071 3073 4048b3 SendMessageA 3064->3073 3074 4048c4 SendMessageA 3064->3074 3067->3064 3069 404b88 3076 404c4e InvalidateRect 3069->3076 3080 404bfc SendMessageA SendMessageA 3069->3080 3070->3036 3071->3056 3071->3058 3072 40492e 3072->3044 3073->3064 3074->3064 3075->3069 3077 404b72 SendMessageA 3075->3077 3076->3052 3078 404c64 3076->3078 3077->3069 3084 404568 3078->3084 3080->3069 3082 4059ff 18 API calls 3081->3082 3083 403d9a SetDlgItemTextA 3082->3083 3083->3043 3085 404582 3084->3085 3086 4059ff 18 API calls 3085->3086 3087 4045b7 3086->3087 3088 4059ff 18 API calls 3087->3088 3089 4045c2 3088->3089 3090 4059ff 18 API calls 3089->3090 3091 4045f3 lstrlenA wsprintfA SetDlgItemTextA 3090->3091 3091->3052 3092->3072 3093->3041 3095 4046a9 SendMessageA 3094->3095 3096 40466d GetMessagePos ScreenToClient SendMessageA 3094->3096 3097 4046a1 3095->3097 3096->3097 3098 4046a6 3096->3098 3097->3063 3098->3095 3116 401389 3099->3116 3103 403e97 3102->3103 3104 403e0e GetWindowLongA 3102->3104 3104->3103 3105 403e1f 3104->3105 3106 403e31 3105->3106 3107 403e2e GetSysColor 3105->3107 3108 403e41 SetBkMode 3106->3108 3109 403e37 SetTextColor 3106->3109 3107->3106 3110 403e59 GetSysColor 3108->3110 3111 403e5f 3108->3111 3109->3108 3110->3111 3112 403e70 3111->3112 3113 403e66 SetBkColor 3111->3113 3112->3103 3114 403e83 DeleteObject 3112->3114 3115 403e8a CreateBrushIndirect 3112->3115 3113->3112 3114->3115 3115->3103 3117 401390 3116->3117 3118 4013fe 3117->3118 3119 4013cb MulDiv SendMessageA 3117->3119 3118->3075 3119->3117 3120 4030cb #17 SetErrorMode OleInitialize 3190 405cff GetModuleHandleA 3120->3190 3124 403139 GetCommandLineA 3195 4059dd lstrcpynA 3124->3195 3126 40314b GetModuleHandleA 3127 403162 3126->3127 3128 4054fb CharNextA 3127->3128 3129 403176 CharNextA 3128->3129 3134 403183 3129->3134 3130 4031ec 3131 4031ff GetTempPathA 3130->3131 3196 403097 3131->3196 3133 403215 3135 403239 DeleteFileA 3133->3135 3136 403219 GetWindowsDirectoryA lstrcatA 3133->3136 3134->3130 3137 4054fb CharNextA 3134->3137 3141 4031ee 3134->3141 3204 402c22 GetTickCount GetModuleFileNameA 3135->3204 3138 403097 11 API calls 3136->3138 3137->3134 3140 403235 3138->3140 3140->3135 3144 4032b7 ExitProcess OleUninitialize 3140->3144 3286 4059dd lstrcpynA 3141->3286 3142 40324a 3142->3144 3145 4032a3 3142->3145 3150 4054fb CharNextA 3142->3150 3146 4033b1 3144->3146 3147 4032cc 3144->3147 3232 403526 3145->3232 3148 403434 ExitProcess 3146->3148 3153 405cff 3 API calls 3146->3153 3151 40529e MessageBoxIndirectA 3147->3151 3156 403261 3150->3156 3152 4032da ExitProcess 3151->3152 3157 4033c0 3153->3157 3154 4032b3 3154->3144 3159 4032e2 lstrcatA lstrcmpiA 3156->3159 3160 40327e 3156->3160 3158 405cff 3 API calls 3157->3158 3161 4033c9 3158->3161 3159->3144 3162 4032fe CreateDirectoryA SetCurrentDirectoryA 3159->3162 3287 4055b1 3160->3287 3164 405cff 3 API calls 3161->3164 3165 403320 3162->3165 3166 403315 3162->3166 3168 4033d2 3164->3168 3304 4059dd lstrcpynA 3165->3304 3303 4059dd lstrcpynA 3166->3303 3169 403420 ExitWindowsEx 3168->3169 3174 4033e0 GetCurrentProcess 3168->3174 3169->3148 3173 40342d 3169->3173 3176 40140b 2 API calls 3173->3176 3179 4033f0 3174->3179 3175 403298 3302 4059dd lstrcpynA 3175->3302 3176->3148 3178 4059ff 18 API calls 3180 403350 DeleteFileA 3178->3180 3179->3169 3181 40335d CopyFileA 3180->3181 3187 40332e 3180->3187 3181->3187 3182 4033a5 3183 40572b 38 API calls 3182->3183 3185 4033ac 3183->3185 3185->3144 3186 4059ff 18 API calls 3186->3187 3187->3178 3187->3182 3187->3186 3189 403391 CloseHandle 3187->3189 3305 40572b 3187->3305 3331 40523d CreateProcessA 3187->3331 3189->3187 3191 405d26 GetProcAddress 3190->3191 3192 405d1b LoadLibraryA 3190->3192 3193 40310e SHGetFileInfoA 3191->3193 3192->3191 3192->3193 3194 4059dd lstrcpynA 3193->3194 3194->3124 3195->3126 3197 405c3f 5 API calls 3196->3197 3199 4030a3 3197->3199 3198 4030ad 3198->3133 3199->3198 3334 4054d0 lstrlenA CharPrevA 3199->3334 3341 4056b4 GetFileAttributesA CreateFileA 3204->3341 3206 402c62 3224 402c72 3206->3224 3342 4059dd lstrcpynA 3206->3342 3208 402c88 3343 405517 lstrlenA 3208->3343 3212 402c99 GetFileSize 3213 402d95 3212->3213 3226 402cb0 3212->3226 3348 402bbe 3213->3348 3215 402d9e 3217 402dce GlobalAlloc 3215->3217 3215->3224 3359 403080 SetFilePointer 3215->3359 3216 40304e ReadFile 3216->3226 3360 403080 SetFilePointer 3217->3360 3219 402e01 3221 402bbe 6 API calls 3219->3221 3221->3224 3222 402db7 3225 40304e ReadFile 3222->3225 3223 402de9 3227 402e5b 37 API calls 3223->3227 3224->3142 3228 402dc2 3225->3228 3226->3213 3226->3216 3226->3219 3226->3224 3229 402bbe 6 API calls 3226->3229 3230 402df5 3227->3230 3228->3217 3228->3224 3229->3226 3230->3224 3230->3230 3231 402e32 SetFilePointer 3230->3231 3231->3224 3233 405cff 3 API calls 3232->3233 3234 40353a 3233->3234 3235 403540 3234->3235 3236 403552 3234->3236 3381 40593b wsprintfA 3235->3381 3237 4058c4 3 API calls 3236->3237 3238 403573 3237->3238 3240 403591 lstrcatA 3238->3240 3241 4058c4 3 API calls 3238->3241 3242 403550 3240->3242 3241->3240 3365 4037ef 3242->3365 3245 4055b1 18 API calls 3246 4035c3 3245->3246 3247 40364c 3246->3247 3249 4058c4 3 API calls 3246->3249 3248 4055b1 18 API calls 3247->3248 3250 403652 3248->3250 3251 4035ef 3249->3251 3252 403662 LoadImageA 3250->3252 3253 4059ff 18 API calls 3250->3253 3251->3247 3259 40360b lstrlenA 3251->3259 3263 4054fb CharNextA 3251->3263 3254 403716 3252->3254 3255 40368d RegisterClassA 3252->3255 3253->3252 3258 40140b 2 API calls 3254->3258 3256 403720 3255->3256 3257 4036c9 SystemParametersInfoA CreateWindowExA 3255->3257 3256->3154 3257->3254 3262 40371c 3258->3262 3260 403619 lstrcmpiA 3259->3260 3261 40363f 3259->3261 3260->3261 3264 403629 GetFileAttributesA 3260->3264 3265 4054d0 3 API calls 3261->3265 3262->3256 3268 4037ef 19 API calls 3262->3268 3266 403609 3263->3266 3267 403635 3264->3267 3269 403645 3265->3269 3266->3259 3267->3261 3270 405517 2 API calls 3267->3270 3271 40372d 3268->3271 3382 4059dd lstrcpynA 3269->3382 3270->3261 3273 403739 ShowWindow LoadLibraryA 3271->3273 3274 4037bc 3271->3274 3276 403758 LoadLibraryA 3273->3276 3277 40375f GetClassInfoA 3273->3277 3374 404e4d OleInitialize 3274->3374 3276->3277 3279 403773 GetClassInfoA RegisterClassA 3277->3279 3280 403789 DialogBoxParamA 3277->3280 3278 4037c2 3281 4037de 3278->3281 3283 4037c6 3278->3283 3279->3280 3282 40140b 2 API calls 3280->3282 3284 40140b 2 API calls 3281->3284 3282->3256 3283->3256 3285 40140b 2 API calls 3283->3285 3284->3256 3285->3256 3286->3131 3387 4059dd lstrcpynA 3287->3387 3289 4055c2 3388 405564 CharNextA CharNextA 3289->3388 3292 403289 3292->3144 3301 4059dd lstrcpynA 3292->3301 3293 405c3f 5 API calls 3299 4055d8 3293->3299 3294 405603 lstrlenA 3295 40560e 3294->3295 3294->3299 3297 4054d0 3 API calls 3295->3297 3298 405613 GetFileAttributesA 3297->3298 3298->3292 3299->3292 3299->3294 3300 405517 2 API calls 3299->3300 3394 405cd8 FindFirstFileA 3299->3394 3300->3294 3301->3175 3302->3145 3303->3165 3304->3187 3306 405cff 3 API calls 3305->3306 3307 405736 3306->3307 3308 405793 GetShortPathNameA 3307->3308 3311 405888 3307->3311 3397 4056b4 GetFileAttributesA CreateFileA 3307->3397 3310 4057a8 3308->3310 3308->3311 3310->3311 3313 4057b0 wsprintfA 3310->3313 3311->3187 3312 405777 CloseHandle GetShortPathNameA 3312->3311 3314 40578b 3312->3314 3315 4059ff 18 API calls 3313->3315 3314->3308 3314->3311 3316 4057d8 3315->3316 3398 4056b4 GetFileAttributesA CreateFileA 3316->3398 3318 4057e5 3318->3311 3319 4057f4 GetFileSize GlobalAlloc 3318->3319 3320 405881 CloseHandle 3319->3320 3321 405812 ReadFile 3319->3321 3320->3311 3321->3320 3322 405826 3321->3322 3322->3320 3399 405629 lstrlenA 3322->3399 3325 405895 3328 405629 4 API calls 3325->3328 3326 40583b 3404 4059dd lstrcpynA 3326->3404 3329 405849 3328->3329 3330 40585c SetFilePointer WriteFile GlobalFree 3329->3330 3330->3320 3332 405278 3331->3332 3333 40526c CloseHandle 3331->3333 3332->3187 3333->3332 3335 4030b5 CreateDirectoryA 3334->3335 3336 4054ea lstrcatA 3334->3336 3337 4056e3 3335->3337 3336->3335 3338 4056ee GetTickCount GetTempFileNameA 3337->3338 3339 40571a 3338->3339 3340 4030c9 3338->3340 3339->3338 3339->3340 3340->3133 3341->3206 3342->3208 3344 405524 3343->3344 3345 402c8e 3344->3345 3346 405529 CharPrevA 3344->3346 3347 4059dd lstrcpynA 3345->3347 3346->3344 3346->3345 3347->3212 3349 402bc7 3348->3349 3350 402bdf 3348->3350 3353 402bd0 DestroyWindow 3349->3353 3354 402bd7 3349->3354 3351 402be7 3350->3351 3352 402bef GetTickCount 3350->3352 3361 405d38 3351->3361 3356 402c20 3352->3356 3357 402bfd CreateDialogParamA ShowWindow 3352->3357 3353->3354 3354->3215 3356->3215 3357->3356 3359->3222 3360->3223 3362 405d55 PeekMessageA 3361->3362 3363 402bed 3362->3363 3364 405d4b DispatchMessageA 3362->3364 3363->3215 3364->3362 3366 403803 3365->3366 3383 40593b wsprintfA 3366->3383 3368 403874 3369 4059ff 18 API calls 3368->3369 3370 403880 SetWindowTextA 3369->3370 3371 4035a1 3370->3371 3372 40389c 3370->3372 3371->3245 3372->3371 3373 4059ff 18 API calls 3372->3373 3373->3372 3384 403ddb 3374->3384 3376 404e97 3377 403ddb SendMessageA 3376->3377 3379 404ea9 OleUninitialize 3377->3379 3378 404e70 3378->3376 3380 401389 2 API calls 3378->3380 3379->3278 3380->3378 3381->3242 3382->3247 3383->3368 3385 403df3 3384->3385 3386 403de4 SendMessageA 3384->3386 3385->3378 3386->3385 3387->3289 3389 40557e 3388->3389 3393 40558a 3388->3393 3390 405585 CharNextA 3389->3390 3389->3393 3391 4055a7 3390->3391 3391->3292 3391->3293 3392 4054fb CharNextA 3392->3393 3393->3391 3393->3392 3395 405cf9 3394->3395 3396 405cee FindClose 3394->3396 3395->3299 3396->3395 3397->3312 3398->3318 3400 40565f lstrlenA 3399->3400 3401 405669 3400->3401 3402 40563d lstrcmpiA 3400->3402 3401->3325 3401->3326 3402->3401 3403 405656 CharNextA 3402->3403 3403->3400 3404->3329 3405 404ccb 3406 404cf0 3405->3406 3407 404cd9 3405->3407 3409 404cfe IsWindowVisible 3406->3409 3416 404d1c 3406->3416 3408 404cdf 3407->3408 3424 404d59 3407->3424 3410 403ddb SendMessageA 3408->3410 3412 404d0b 3409->3412 3409->3424 3413 404ce9 3410->3413 3411 404d5f CallWindowProcA 3411->3413 3414 40464a 5 API calls 3412->3414 3415 404d15 3414->3415 3415->3416 3416->3411 3425 4059dd lstrcpynA 3416->3425 3418 404d44 3426 40593b wsprintfA 3418->3426 3420 404d4b 3421 40140b 2 API calls 3420->3421 3422 404d52 3421->3422 3427 4059dd lstrcpynA 3422->3427 3424->3411 3425->3418 3426->3420 3427->3424 3428 40344c 3429 403464 3428->3429 3430 403456 CloseHandle 3428->3430 3435 403491 3429->3435 3430->3429 3436 40349f 3435->3436 3437 403469 3436->3437 3438 4034a4 FreeLibrary GlobalFree 3436->3438 3439 405302 3437->3439 3438->3437 3438->3438 3440 4055b1 18 API calls 3439->3440 3441 405316 3440->3441 3442 405336 3441->3442 3443 40531f DeleteFileA 3441->3443 3445 40546b 3442->3445 3480 4059dd lstrcpynA 3442->3480 3444 403475 3443->3444 3445->3444 3450 405cd8 2 API calls 3445->3450 3447 405360 3448 405371 3447->3448 3449 405364 lstrcatA 3447->3449 3452 405517 2 API calls 3448->3452 3451 405377 3449->3451 3453 405490 3450->3453 3454 405385 lstrcatA 3451->3454 3455 405390 lstrlenA FindFirstFileA 3451->3455 3452->3451 3453->3444 3456 4054d0 3 API calls 3453->3456 3454->3455 3455->3445 3470 4053b4 3455->3470 3458 40549a 3456->3458 3457 4054fb CharNextA 3457->3470 3459 405695 2 API calls 3458->3459 3460 4054a0 RemoveDirectoryA 3459->3460 3461 4054c2 3460->3461 3462 4054ab 3460->3462 3463 404d7b 25 API calls 3461->3463 3462->3444 3466 4054b1 3462->3466 3463->3444 3464 40544a FindNextFileA 3467 405462 FindClose 3464->3467 3464->3470 3468 404d7b 25 API calls 3466->3468 3467->3445 3469 4054b9 3468->3469 3471 40572b 38 API calls 3469->3471 3470->3457 3470->3464 3473 405302 59 API calls 3470->3473 3476 404d7b 25 API calls 3470->3476 3479 405428 3470->3479 3481 4059dd lstrcpynA 3470->3481 3482 405695 GetFileAttributesA 3470->3482 3474 4054c0 3471->3474 3473->3470 3474->3444 3476->3464 3477 404d7b 25 API calls 3477->3479 3478 40572b 38 API calls 3478->3479 3479->3464 3479->3477 3479->3478 3480->3447 3481->3470 3483 405417 DeleteFileA 3482->3483 3484 4056a4 SetFileAttributesA 3482->3484 3483->3470 3484->3483 4013 4025cc 4014 4025d3 4013->4014 4016 402838 4013->4016 4015 4029d9 18 API calls 4014->4015 4017 4025de 4015->4017 4018 4025e5 SetFilePointer 4017->4018 4018->4016 4019 4025f5 4018->4019 4021 40593b wsprintfA 4019->4021 4021->4016 3491 4041cd 3492 40420b 3491->3492 3493 4041fe 3491->3493 3495 404214 GetDlgItem 3492->3495 3501 404286 3492->3501 3561 405282 GetDlgItemTextA 3493->3561 3497 404228 3495->3497 3496 404205 3499 405c3f 5 API calls 3496->3499 3500 40423c SetWindowTextA 3497->3500 3505 405564 4 API calls 3497->3505 3498 40435b 3554 4044e7 3498->3554 3559 405282 GetDlgItemTextA 3498->3559 3499->3492 3503 403d8f 19 API calls 3500->3503 3501->3498 3506 4059ff 18 API calls 3501->3506 3501->3554 3510 40425a 3503->3510 3504 403df6 8 API calls 3511 4044fb 3504->3511 3512 404232 3505->3512 3508 4042ed SHBrowseForFolderA 3506->3508 3507 404387 3509 4055b1 18 API calls 3507->3509 3508->3498 3513 404305 CoTaskMemFree 3508->3513 3514 40438d 3509->3514 3515 403d8f 19 API calls 3510->3515 3512->3500 3518 4054d0 3 API calls 3512->3518 3516 4054d0 3 API calls 3513->3516 3560 4059dd lstrcpynA 3514->3560 3517 404268 3515->3517 3519 404312 3516->3519 3558 403dc4 SendMessageA 3517->3558 3518->3500 3522 404349 SetDlgItemTextA 3519->3522 3527 4059ff 18 API calls 3519->3527 3522->3498 3523 4043a4 3525 405cff 3 API calls 3523->3525 3524 404270 3526 405cff 3 API calls 3524->3526 3536 4043ac 3525->3536 3528 404277 3526->3528 3529 404331 lstrcmpiA 3527->3529 3531 40427f SHAutoComplete 3528->3531 3528->3554 3529->3522 3533 404342 lstrcatA 3529->3533 3530 4043e6 3562 4059dd lstrcpynA 3530->3562 3531->3501 3533->3522 3534 4043b9 GetDiskFreeSpaceExA 3534->3536 3544 404439 3534->3544 3535 4043ef 3537 405564 4 API calls 3535->3537 3536->3530 3536->3534 3539 405517 2 API calls 3536->3539 3538 4043f5 3537->3538 3540 4043f9 3538->3540 3541 4043fc GetDiskFreeSpaceA 3538->3541 3539->3536 3540->3541 3542 404451 3541->3542 3543 404417 MulDiv 3541->3543 3542->3544 3543->3544 3545 404568 21 API calls 3544->3545 3555 404496 3544->3555 3547 404488 3545->3547 3546 4044b9 3563 403db1 KiUserCallbackDispatcher 3546->3563 3549 404498 SetDlgItemTextA 3547->3549 3550 40448d 3547->3550 3548 40140b 2 API calls 3548->3546 3549->3555 3553 404568 21 API calls 3550->3553 3552 4044d5 3552->3554 3556 4044e2 3552->3556 3553->3555 3554->3504 3555->3546 3555->3548 3564 404162 3556->3564 3558->3524 3559->3507 3560->3523 3561->3496 3562->3535 3563->3552 3565 404170 3564->3565 3566 404175 SendMessageA 3564->3566 3565->3566 3566->3554 3567 401f51 3568 401f63 3567->3568 3569 402012 3567->3569 3570 4029f6 18 API calls 3568->3570 3572 401423 25 API calls 3569->3572 3571 401f6a 3570->3571 3573 4029f6 18 API calls 3571->3573 3577 402169 3572->3577 3574 401f73 3573->3574 3575 401f88 LoadLibraryExA 3574->3575 3576 401f7b GetModuleHandleA 3574->3576 3575->3569 3578 401f98 GetProcAddress 3575->3578 3576->3575 3576->3578 3579 401fe5 3578->3579 3580 401fa8 3578->3580 3581 404d7b 25 API calls 3579->3581 3583 401fb8 3580->3583 3585 401423 3580->3585 3581->3583 3583->3577 3584 402006 FreeLibrary 3583->3584 3584->3577 3586 404d7b 25 API calls 3585->3586 3587 401431 3586->3587 3587->3583 4022 4014d6 4023 4029d9 18 API calls 4022->4023 4024 4014dc Sleep 4023->4024 4026 40288b 4024->4026 3596 403ed7 3597 403eed 3596->3597 3601 403ffa 3596->3601 3599 403d8f 19 API calls 3597->3599 3598 404069 3600 404073 GetDlgItem 3598->3600 3602 40413d 3598->3602 3603 403f43 3599->3603 3604 404089 3600->3604 3605 4040fb 3600->3605 3601->3598 3601->3602 3606 40403e GetDlgItem SendMessageA 3601->3606 3607 403df6 8 API calls 3602->3607 3608 403d8f 19 API calls 3603->3608 3604->3605 3612 4040af 6 API calls 3604->3612 3605->3602 3613 40410d 3605->3613 3627 403db1 KiUserCallbackDispatcher 3606->3627 3610 404138 3607->3610 3611 403f50 CheckDlgButton 3608->3611 3625 403db1 KiUserCallbackDispatcher 3611->3625 3612->3605 3616 404113 SendMessageA 3613->3616 3617 404124 3613->3617 3614 404064 3619 404162 SendMessageA 3614->3619 3616->3617 3617->3610 3618 40412a SendMessageA 3617->3618 3618->3610 3619->3598 3620 403f6e GetDlgItem 3626 403dc4 SendMessageA 3620->3626 3622 403f84 SendMessageA 3623 403fa2 GetSysColor 3622->3623 3624 403fab SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3622->3624 3623->3624 3624->3610 3625->3620 3626->3622 3627->3614 4032 4018d8 4033 40190f 4032->4033 4034 4029f6 18 API calls 4033->4034 4035 401914 4034->4035 4036 405302 68 API calls 4035->4036 4037 40191d 4036->4037 4038 4018db 4039 4029f6 18 API calls 4038->4039 4040 4018e2 4039->4040 4041 40529e MessageBoxIndirectA 4040->4041 4042 4018eb 4041->4042 4057 4034e4 4058 4034ef 4057->4058 4059 4034f3 4058->4059 4060 4034f6 GlobalAlloc 4058->4060 4060->4059 4068 401ae5 4069 4029f6 18 API calls 4068->4069 4070 401aec 4069->4070 4071 4029d9 18 API calls 4070->4071 4072 401af5 wsprintfA 4071->4072 4073 40288b 4072->4073 3679 402866 SendMessageA 3680 402880 InvalidateRect 3679->3680 3681 40288b 3679->3681 3680->3681 4074 4019e6 4075 4029f6 18 API calls 4074->4075 4076 4019ef ExpandEnvironmentStringsA 4075->4076 4077 401a03 4076->4077 4079 401a16 4076->4079 4078 401a08 lstrcmpA 4077->4078 4077->4079 4078->4079 3682 402267 3683 4029f6 18 API calls 3682->3683 3684 402275 3683->3684 3685 4029f6 18 API calls 3684->3685 3686 40227e 3685->3686 3687 4029f6 18 API calls 3686->3687 3688 402288 GetPrivateProfileStringA 3687->3688 4080 401c6d 4081 4029d9 18 API calls 4080->4081 4082 401c73 IsWindow 4081->4082 4083 4019d6 4082->4083 4084 4014f0 SetForegroundWindow 4085 40288b 4084->4085 4086 402172 4087 4029f6 18 API calls 4086->4087 4088 402178 4087->4088 4089 4029f6 18 API calls 4088->4089 4090 402181 4089->4090 4091 4029f6 18 API calls 4090->4091 4092 40218a 4091->4092 4093 405cd8 2 API calls 4092->4093 4094 402193 4093->4094 4095 4021a4 lstrlenA lstrlenA 4094->4095 4096 402197 4094->4096 4097 404d7b 25 API calls 4095->4097 4098 404d7b 25 API calls 4096->4098 4100 40219f 4096->4100 4099 4021e0 SHFileOperationA 4097->4099 4098->4100 4099->4096 4099->4100 4101 4021f4 4102 4021fb 4101->4102 4103 40220e 4101->4103 4104 4059ff 18 API calls 4102->4104 4105 402208 4104->4105 4106 40529e MessageBoxIndirectA 4105->4106 4106->4103 4107 4062f4 4111 405e2c 4107->4111 4108 406797 4109 405eb6 GlobalAlloc 4109->4108 4109->4111 4110 405ead GlobalFree 4110->4109 4111->4108 4111->4109 4111->4110 4111->4111 4112 405f24 GlobalFree 4111->4112 4113 405f2d GlobalAlloc 4111->4113 4112->4113 4113->4108 4113->4111 4114 4016fa 4115 4029f6 18 API calls 4114->4115 4116 401701 SearchPathA 4115->4116 4117 40171c 4116->4117 4118 4025fb 4119 402602 4118->4119 4120 40288b 4118->4120 4121 402608 FindClose 4119->4121 4121->4120 3860 40267c 3861 4029f6 18 API calls 3860->3861 3863 40268a 3861->3863 3862 4026a0 3865 405695 2 API calls 3862->3865 3863->3862 3864 4029f6 18 API calls 3863->3864 3864->3862 3866 4026a6 3865->3866 3886 4056b4 GetFileAttributesA CreateFileA 3866->3886 3868 4026b3 3869 40275c 3868->3869 3870 4026bf GlobalAlloc 3868->3870 3871 402764 DeleteFileA 3869->3871 3872 402777 3869->3872 3873 402753 CloseHandle 3870->3873 3874 4026d8 3870->3874 3871->3872 3873->3869 3887 403080 SetFilePointer 3874->3887 3876 4026de 3877 40304e ReadFile 3876->3877 3878 4026e7 GlobalAlloc 3877->3878 3879 4026f7 3878->3879 3880 40272b WriteFile GlobalFree 3878->3880 3881 402e5b 37 API calls 3879->3881 3882 402e5b 37 API calls 3880->3882 3885 402704 3881->3885 3883 402750 3882->3883 3883->3873 3884 402722 GlobalFree 3884->3880 3885->3884 3886->3868 3887->3876 4122 4014fe 4123 401506 4122->4123 4125 401519 4122->4125 4124 4029d9 18 API calls 4123->4124 4124->4125 4126 401000 4127 401037 BeginPaint GetClientRect 4126->4127 4129 40100c DefWindowProcA 4126->4129 4130 4010f3 4127->4130 4131 401179 4129->4131 4132 401073 CreateBrushIndirect FillRect DeleteObject 4130->4132 4133 4010fc 4130->4133 4132->4130 4134 401102 CreateFontIndirectA 4133->4134 4135 401167 EndPaint 4133->4135 4134->4135 4136 401112 6 API calls 4134->4136 4135->4131 4136->4135 4137 404502 4138 404512 4137->4138 4139 40452e 4137->4139 4148 405282 GetDlgItemTextA 4138->4148 4141 404561 4139->4141 4142 404534 SHGetPathFromIDListA 4139->4142 4144 40454b SendMessageA 4142->4144 4145 404544 4142->4145 4143 40451f SendMessageA 4143->4139 4144->4141 4147 40140b 2 API calls 4145->4147 4147->4144 4148->4143 2893 402303 2894 402309 2893->2894 2910 4029f6 2894->2910 2897 4029f6 18 API calls 2898 402325 RegCreateKeyExA 2897->2898 2899 40288b 2898->2899 2900 40234f 2898->2900 2901 402367 2900->2901 2902 4029f6 18 API calls 2900->2902 2903 402373 2901->2903 2916 4029d9 2901->2916 2906 402360 lstrlenA 2902->2906 2905 40238e RegSetValueExA 2903->2905 2919 402e5b 2903->2919 2908 4023a4 RegCloseKey 2905->2908 2906->2901 2908->2899 2911 402a02 2910->2911 2940 4059ff 2911->2940 2914 40231b 2914->2897 2917 4059ff 18 API calls 2916->2917 2918 4029ed 2917->2918 2918->2903 2921 402e71 2919->2921 2920 402e9c 2979 40304e ReadFile 2920->2979 2921->2920 2999 403080 SetFilePointer 2921->2999 2925 402fe2 2927 402fe6 2925->2927 2932 402ffe 2925->2932 2926 402eb9 GetTickCount 2936 402ecc 2926->2936 2929 40304e ReadFile 2927->2929 2928 402fcd 2928->2905 2929->2928 2930 40304e ReadFile 2930->2932 2931 40304e ReadFile 2931->2936 2932->2928 2932->2930 2933 403019 WriteFile 2932->2933 2933->2928 2933->2932 2935 402f32 GetTickCount 2935->2936 2936->2928 2936->2931 2936->2935 2937 402f5b MulDiv wsprintfA 2936->2937 2938 402f99 WriteFile 2936->2938 2981 405df9 2936->2981 2988 404d7b 2937->2988 2938->2928 2938->2936 2949 405a0c 2940->2949 2941 405c26 2942 402a23 2941->2942 2974 4059dd lstrcpynA 2941->2974 2942->2914 2958 405c3f 2942->2958 2944 405aa4 GetVersion 2944->2949 2945 405bfd lstrlenA 2945->2949 2946 4059ff 10 API calls 2946->2945 2949->2941 2949->2944 2949->2945 2949->2946 2950 405b1c GetSystemDirectoryA 2949->2950 2952 405b2f GetWindowsDirectoryA 2949->2952 2953 405c3f 5 API calls 2949->2953 2954 4059ff 10 API calls 2949->2954 2955 405ba6 lstrcatA 2949->2955 2956 405b63 SHGetSpecialFolderLocation 2949->2956 2967 4058c4 RegOpenKeyExA 2949->2967 2972 40593b wsprintfA 2949->2972 2973 4059dd lstrcpynA 2949->2973 2950->2949 2952->2949 2953->2949 2954->2949 2955->2949 2956->2949 2957 405b7b SHGetPathFromIDListA CoTaskMemFree 2956->2957 2957->2949 2959 405c4b 2958->2959 2961 405ca8 CharNextA 2959->2961 2963 405cb3 2959->2963 2965 405c96 CharNextA 2959->2965 2966 405ca3 CharNextA 2959->2966 2975 4054fb 2959->2975 2960 405cb7 CharPrevA 2960->2963 2961->2959 2961->2963 2963->2960 2964 405cd2 2963->2964 2964->2914 2965->2959 2966->2961 2968 405935 2967->2968 2969 4058f7 RegQueryValueExA 2967->2969 2968->2949 2970 405918 RegCloseKey 2969->2970 2970->2968 2972->2949 2973->2949 2974->2942 2976 405501 2975->2976 2977 405514 2976->2977 2978 405507 CharNextA 2976->2978 2977->2959 2978->2976 2980 402ea7 2979->2980 2980->2925 2980->2926 2980->2928 2982 405e1e 2981->2982 2983 405e26 2981->2983 2982->2936 2983->2982 2984 405eb6 GlobalAlloc 2983->2984 2985 405ead GlobalFree 2983->2985 2986 405f24 GlobalFree 2983->2986 2987 405f2d GlobalAlloc 2983->2987 2984->2982 2984->2983 2985->2984 2986->2987 2987->2982 2987->2983 2990 404d96 2988->2990 2998 404e39 2988->2998 2989 404db3 lstrlenA 2992 404dc1 lstrlenA 2989->2992 2993 404ddc 2989->2993 2990->2989 2991 4059ff 18 API calls 2990->2991 2991->2989 2994 404dd3 lstrcatA 2992->2994 2992->2998 2995 404de2 SetWindowTextA 2993->2995 2996 404def 2993->2996 2994->2993 2995->2996 2997 404df5 SendMessageA SendMessageA SendMessageA 2996->2997 2996->2998 2997->2998 2998->2936 2999->2920 4149 402803 4150 4029d9 18 API calls 4149->4150 4151 402809 4150->4151 4152 40283a 4151->4152 4153 402817 4151->4153 4155 40265c 4151->4155 4154 4059ff 18 API calls 4152->4154 4152->4155 4153->4155 4157 40593b wsprintfA 4153->4157 4154->4155 4157->4155 3000 401b06 3001 401b13 3000->3001 3002 401b57 3000->3002 3005 4021fb 3001->3005 3009 401b2a 3001->3009 3003 401b80 GlobalAlloc 3002->3003 3004 401b5b 3002->3004 3006 4059ff 18 API calls 3003->3006 3018 401b9b 3004->3018 3021 4059dd lstrcpynA 3004->3021 3007 4059ff 18 API calls 3005->3007 3006->3018 3008 402208 3007->3008 3022 40529e 3008->3022 3019 4059dd lstrcpynA 3009->3019 3012 401b6d GlobalFree 3012->3018 3014 401b39 3020 4059dd lstrcpynA 3014->3020 3016 401b48 3026 4059dd lstrcpynA 3016->3026 3019->3014 3020->3016 3021->3012 3023 4052b3 3022->3023 3024 4052ff 3023->3024 3025 4052c7 MessageBoxIndirectA 3023->3025 3024->3018 3025->3024 3026->3018 4158 402506 4159 4029d9 18 API calls 4158->4159 4160 402510 4159->4160 4161 402544 ReadFile 4160->4161 4162 402588 4160->4162 4164 402598 4160->4164 4166 402586 4160->4166 4161->4160 4161->4166 4167 40593b wsprintfA 4162->4167 4165 4025ae SetFilePointer 4164->4165 4164->4166 4165->4166 4167->4166 4168 404186 4169 404196 4168->4169 4170 4041bc 4168->4170 4171 403d8f 19 API calls 4169->4171 4172 403df6 8 API calls 4170->4172 4173 4041a3 SetDlgItemTextA 4171->4173 4174 4041c8 4172->4174 4173->4170 4175 401c8a 4176 4029d9 18 API calls 4175->4176 4177 401c91 4176->4177 4178 4029d9 18 API calls 4177->4178 4179 401c99 GetDlgItem 4178->4179 4180 4024b8 4179->4180 4188 401490 4189 404d7b 25 API calls 4188->4189 4190 401497 4189->4190 3588 401d95 3589 4029d9 18 API calls 3588->3589 3590 401d9b 3589->3590 3591 4029d9 18 API calls 3590->3591 3592 401da4 3591->3592 3593 401db6 EnableWindow 3592->3593 3594 401dab ShowWindow 3592->3594 3595 40288b 3593->3595 3594->3595 4191 402615 4192 402618 4191->4192 4193 402630 4191->4193 4194 402625 FindNextFileA 4192->4194 4194->4193 4195 40266f 4194->4195 4197 4059dd lstrcpynA 4195->4197 4197->4193 4198 401595 4199 4029f6 18 API calls 4198->4199 4200 40159c SetFileAttributesA 4199->4200 4201 4015ae 4200->4201 4202 401e95 4203 4029f6 18 API calls 4202->4203 4204 401e9c 4203->4204 4205 405cd8 2 API calls 4204->4205 4206 401ea2 4205->4206 4208 401eb4 4206->4208 4209 40593b wsprintfA 4206->4209 4209->4208 4210 401696 4211 4029f6 18 API calls 4210->4211 4212 40169c GetFullPathNameA 4211->4212 4215 4016b3 4212->4215 4219 4016d4 4212->4219 4213 4016e8 GetShortPathNameA 4214 40288b 4213->4214 4216 405cd8 2 API calls 4215->4216 4215->4219 4217 4016c4 4216->4217 4217->4219 4220 4059dd lstrcpynA 4217->4220 4219->4213 4219->4214 4220->4219 3628 401e1b 3629 4029f6 18 API calls 3628->3629 3630 401e21 3629->3630 3631 404d7b 25 API calls 3630->3631 3632 401e2b 3631->3632 3633 40523d 2 API calls 3632->3633 3637 401e31 3633->3637 3634 401e87 CloseHandle 3636 40265c 3634->3636 3635 401e50 WaitForSingleObject 3635->3637 3638 401e5e GetExitCodeProcess 3635->3638 3637->3634 3637->3635 3637->3636 3639 405d38 2 API calls 3637->3639 3640 401e70 3638->3640 3641 401e7b 3638->3641 3639->3635 3644 40593b wsprintfA 3640->3644 3641->3634 3643 401e79 3641->3643 3643->3634 3644->3643 4221 401d1b GetDC GetDeviceCaps 4222 4029d9 18 API calls 4221->4222 4223 401d37 MulDiv 4222->4223 4224 4029d9 18 API calls 4223->4224 4225 401d4c 4224->4225 4226 4059ff 18 API calls 4225->4226 4227 401d85 CreateFontIndirectA 4226->4227 4228 4024b8 4227->4228 4236 40249c 4237 4029f6 18 API calls 4236->4237 4238 4024a3 4237->4238 4241 4056b4 GetFileAttributesA CreateFileA 4238->4241 4240 4024af 4241->4240 3645 402020 3646 4029f6 18 API calls 3645->3646 3647 402027 3646->3647 3648 4029f6 18 API calls 3647->3648 3649 402031 3648->3649 3650 4029f6 18 API calls 3649->3650 3651 40203a 3650->3651 3652 4029f6 18 API calls 3651->3652 3653 402044 3652->3653 3654 4029f6 18 API calls 3653->3654 3655 40204e 3654->3655 3656 402062 CoCreateInstance 3655->3656 3657 4029f6 18 API calls 3655->3657 3660 402081 3656->3660 3661 402137 3656->3661 3657->3656 3658 401423 25 API calls 3659 402169 3658->3659 3660->3661 3662 402116 MultiByteToWideChar 3660->3662 3661->3658 3661->3659 3662->3661 3663 401721 3664 4029f6 18 API calls 3663->3664 3665 401728 3664->3665 3666 4056e3 2 API calls 3665->3666 3667 40172f 3666->3667 3668 4056e3 2 API calls 3667->3668 3668->3667 4242 401922 4243 4029f6 18 API calls 4242->4243 4244 401929 lstrlenA 4243->4244 4245 4024b8 4244->4245 3669 402223 3670 40222b 3669->3670 3673 402231 3669->3673 3671 4029f6 18 API calls 3670->3671 3671->3673 3672 402241 3675 40224f 3672->3675 3676 4029f6 18 API calls 3672->3676 3673->3672 3674 4029f6 18 API calls 3673->3674 3674->3672 3677 4029f6 18 API calls 3675->3677 3676->3675 3678 402258 WritePrivateProfileStringA 3677->3678 4246 403ea3 lstrcpynA lstrlenA 4247 401ca5 4248 4029d9 18 API calls 4247->4248 4249 401cb5 SetWindowLongA 4248->4249 4250 40288b 4249->4250 4251 401a26 4252 4029d9 18 API calls 4251->4252 4253 401a2c 4252->4253 4254 4029d9 18 API calls 4253->4254 4255 4019d6 4254->4255 3689 402427 3699 402b00 3689->3699 3691 402431 3692 4029d9 18 API calls 3691->3692 3693 40243a 3692->3693 3694 402451 RegEnumKeyA 3693->3694 3695 40245d RegEnumValueA 3693->3695 3696 40265c 3693->3696 3697 402476 RegCloseKey 3694->3697 3695->3696 3695->3697 3697->3696 3700 4029f6 18 API calls 3699->3700 3701 402b19 3700->3701 3702 402b27 RegOpenKeyExA 3701->3702 3702->3691 3703 4022a7 3704 4022d7 3703->3704 3705 4022ac 3703->3705 3706 4029f6 18 API calls 3704->3706 3707 402b00 19 API calls 3705->3707 3708 4022de 3706->3708 3709 4022b3 3707->3709 3715 402a36 RegOpenKeyExA 3708->3715 3710 4029f6 18 API calls 3709->3710 3714 4022f6 3709->3714 3711 4022c4 RegDeleteValueA RegCloseKey 3710->3711 3711->3714 3718 402a61 3715->3718 3723 4022f4 3715->3723 3716 402a87 RegEnumKeyA 3717 402a99 RegCloseKey 3716->3717 3716->3718 3720 405cff 3 API calls 3717->3720 3718->3716 3718->3717 3719 402abe RegCloseKey 3718->3719 3721 402a36 3 API calls 3718->3721 3719->3723 3722 402aa9 3720->3722 3721->3718 3722->3723 3724 402ad9 RegDeleteKeyA 3722->3724 3723->3714 3724->3723 4256 405fa8 4262 405e2c 4256->4262 4257 406797 4258 405eb6 GlobalAlloc 4258->4257 4258->4262 4259 405ead GlobalFree 4259->4258 4260 405f24 GlobalFree 4261 405f2d GlobalAlloc 4260->4261 4261->4257 4261->4262 4262->4257 4262->4258 4262->4259 4262->4260 4262->4261 3725 401bad 3726 4029d9 18 API calls 3725->3726 3727 401bb4 3726->3727 3728 4029d9 18 API calls 3727->3728 3729 401bbe 3728->3729 3730 4029f6 18 API calls 3729->3730 3734 401bce 3729->3734 3730->3734 3731 4029f6 18 API calls 3735 401bde 3731->3735 3732 401be9 3736 4029d9 18 API calls 3732->3736 3733 401c2d 3737 4029f6 18 API calls 3733->3737 3734->3731 3734->3735 3735->3732 3735->3733 3738 401bee 3736->3738 3739 401c32 3737->3739 3740 4029d9 18 API calls 3738->3740 3741 4029f6 18 API calls 3739->3741 3743 401bf7 3740->3743 3742 401c3b FindWindowExA 3741->3742 3746 401c59 3742->3746 3744 401c1d SendMessageA 3743->3744 3745 401bff SendMessageTimeoutA 3743->3745 3744->3746 3745->3746 4263 4023af 4264 402b00 19 API calls 4263->4264 4265 4023b9 4264->4265 4266 4029f6 18 API calls 4265->4266 4267 4023c2 4266->4267 4268 4023cc RegQueryValueExA 4267->4268 4269 40265c 4267->4269 4270 4023f2 RegCloseKey 4268->4270 4271 4023ec 4268->4271 4270->4269 4271->4270 4274 40593b wsprintfA 4271->4274 4274->4270 3747 4015b3 3748 4029f6 18 API calls 3747->3748 3749 4015ba 3748->3749 3750 405564 4 API calls 3749->3750 3761 4015c2 3750->3761 3751 40160a 3753 40162d 3751->3753 3754 40160f 3751->3754 3752 4054fb CharNextA 3755 4015d0 CreateDirectoryA 3752->3755 3759 401423 25 API calls 3753->3759 3756 401423 25 API calls 3754->3756 3757 4015e5 GetLastError 3755->3757 3755->3761 3758 401616 3756->3758 3760 4015f2 GetFileAttributesA 3757->3760 3757->3761 3765 4059dd lstrcpynA 3758->3765 3763 402169 3759->3763 3760->3761 3761->3751 3761->3752 3764 401621 SetCurrentDirectoryA 3764->3763 3765->3764 3766 401734 3767 4029f6 18 API calls 3766->3767 3768 40173b 3767->3768 3769 401761 3768->3769 3770 401759 3768->3770 3806 4059dd lstrcpynA 3769->3806 3805 4059dd lstrcpynA 3770->3805 3773 40175f 3776 405c3f 5 API calls 3773->3776 3774 40176c 3775 4054d0 3 API calls 3774->3775 3777 401772 lstrcatA 3775->3777 3783 40177e 3776->3783 3777->3773 3778 405cd8 2 API calls 3778->3783 3779 405695 2 API calls 3779->3783 3781 401795 CompareFileTime 3781->3783 3782 401859 3784 404d7b 25 API calls 3782->3784 3783->3778 3783->3779 3783->3781 3783->3782 3785 4059dd lstrcpynA 3783->3785 3792 4059ff 18 API calls 3783->3792 3800 40529e MessageBoxIndirectA 3783->3800 3803 401830 3783->3803 3804 4056b4 GetFileAttributesA CreateFileA 3783->3804 3786 401863 3784->3786 3785->3783 3789 402e5b 37 API calls 3786->3789 3787 404d7b 25 API calls 3788 401845 3787->3788 3790 401876 3789->3790 3791 40188a SetFileTime 3790->3791 3793 40189c FindCloseChangeNotification 3790->3793 3791->3793 3792->3783 3793->3788 3794 4018ad 3793->3794 3795 4018b2 3794->3795 3796 4018c5 3794->3796 3798 4059ff 18 API calls 3795->3798 3797 4059ff 18 API calls 3796->3797 3799 4018cd 3797->3799 3801 4018ba lstrcatA 3798->3801 3802 40529e MessageBoxIndirectA 3799->3802 3800->3783 3801->3799 3802->3788 3803->3787 3803->3788 3804->3783 3805->3773 3806->3774 4282 401634 4283 4029f6 18 API calls 4282->4283 4284 40163a 4283->4284 4285 405cd8 2 API calls 4284->4285 4286 401640 4285->4286 4287 401934 4288 4029d9 18 API calls 4287->4288 4289 40193b 4288->4289 4290 4029d9 18 API calls 4289->4290 4291 401945 4290->4291 4292 4029f6 18 API calls 4291->4292 4293 40194e 4292->4293 4294 401961 lstrlenA 4293->4294 4295 40199c 4293->4295 4296 40196b 4294->4296 4296->4295 4300 4059dd lstrcpynA 4296->4300 4298 401985 4298->4295 4299 401992 lstrlenA 4298->4299 4299->4295 4300->4298 4301 4019b5 4302 4029f6 18 API calls 4301->4302 4303 4019bc 4302->4303 4304 4029f6 18 API calls 4303->4304 4305 4019c5 4304->4305 4306 4019cc lstrcmpiA 4305->4306 4307 4019de lstrcmpA 4305->4307 4308 4019d2 4306->4308 4307->4308 4309 4014b7 4310 4014bd 4309->4310 4311 401389 2 API calls 4310->4311 4312 4014c5 4311->4312 3807 404eb9 3808 405065 3807->3808 3809 404eda GetDlgItem GetDlgItem GetDlgItem 3807->3809 3811 405096 3808->3811 3812 40506e GetDlgItem CreateThread CloseHandle 3808->3812 3853 403dc4 SendMessageA 3809->3853 3814 4050e3 3811->3814 3815 4050ad ShowWindow ShowWindow 3811->3815 3816 4050c1 3811->3816 3812->3811 3859 404e4d 5 API calls 3812->3859 3813 404f4b 3818 404f52 GetClientRect GetSystemMetrics SendMessageA SendMessageA 3813->3818 3822 403df6 8 API calls 3814->3822 3855 403dc4 SendMessageA 3815->3855 3817 40511f 3816->3817 3820 4050d2 3816->3820 3821 4050f8 ShowWindow 3816->3821 3817->3814 3827 40512a SendMessageA 3817->3827 3825 404fc1 3818->3825 3826 404fa5 SendMessageA SendMessageA 3818->3826 3856 403d68 3820->3856 3823 405118 3821->3823 3824 40510a 3821->3824 3829 4050f1 3822->3829 3831 403d68 SendMessageA 3823->3831 3830 404d7b 25 API calls 3824->3830 3832 404fd4 3825->3832 3833 404fc6 SendMessageA 3825->3833 3826->3825 3827->3829 3834 405143 CreatePopupMenu 3827->3834 3830->3823 3831->3817 3836 403d8f 19 API calls 3832->3836 3833->3832 3835 4059ff 18 API calls 3834->3835 3837 405153 AppendMenuA 3835->3837 3838 404fe4 3836->3838 3839 405166 GetWindowRect 3837->3839 3840 405179 3837->3840 3841 405021 GetDlgItem SendMessageA 3838->3841 3842 404fed ShowWindow 3838->3842 3844 405182 TrackPopupMenu 3839->3844 3840->3844 3841->3829 3843 405048 SendMessageA SendMessageA 3841->3843 3845 405010 3842->3845 3846 405003 ShowWindow 3842->3846 3843->3829 3844->3829 3847 4051a0 3844->3847 3854 403dc4 SendMessageA 3845->3854 3846->3845 3849 4051bc SendMessageA 3847->3849 3849->3849 3850 4051d9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3849->3850 3851 4051fb SendMessageA 3850->3851 3851->3851 3852 40521c GlobalUnlock SetClipboardData CloseClipboard 3851->3852 3852->3829 3853->3813 3854->3841 3855->3816 3857 403d75 SendMessageA 3856->3857 3858 403d6f 3856->3858 3857->3814 3858->3857 4313 402b3b 4314 402b63 4313->4314 4315 402b4a SetTimer 4313->4315 4316 402bb8 4314->4316 4317 402b7d MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 4314->4317 4315->4314 4317->4316 3888 4038bc 3889 4038d4 3888->3889 3890 403a0f 3888->3890 3889->3890 3891 4038e0 3889->3891 3892 403a20 GetDlgItem GetDlgItem 3890->3892 3893 403a60 3890->3893 3894 4038eb SetWindowPos 3891->3894 3895 4038fe 3891->3895 3896 403d8f 19 API calls 3892->3896 3897 403aba 3893->3897 3902 401389 2 API calls 3893->3902 3894->3895 3899 403903 ShowWindow 3895->3899 3900 40391b 3895->3900 3901 403a4a KiUserCallbackDispatcher 3896->3901 3898 403ddb SendMessageA 3897->3898 3919 403a0a 3897->3919 3917 403acc 3898->3917 3899->3900 3903 403923 DestroyWindow 3900->3903 3904 40393d 3900->3904 3905 40140b 2 API calls 3901->3905 3906 403a92 3902->3906 3955 403d18 3903->3955 3907 403942 SetWindowLongA 3904->3907 3908 403953 3904->3908 3905->3893 3906->3897 3909 403a96 SendMessageA 3906->3909 3907->3919 3912 40395f GetDlgItem 3908->3912 3928 4039ca 3908->3928 3909->3919 3910 40140b 2 API calls 3910->3917 3911 403d1a DestroyWindow KiUserCallbackDispatcher 3911->3955 3913 403972 SendMessageA IsWindowEnabled 3912->3913 3914 40398f 3912->3914 3913->3914 3913->3919 3918 403994 3914->3918 3921 40399c 3914->3921 3922 4039e3 SendMessageA 3914->3922 3923 4039af 3914->3923 3915 403df6 8 API calls 3915->3919 3916 403d49 ShowWindow 3916->3919 3917->3910 3917->3911 3917->3919 3920 4059ff 18 API calls 3917->3920 3925 403d8f 19 API calls 3917->3925 3931 403d8f 19 API calls 3917->3931 3946 403c5a KiUserCallbackDispatcher 3917->3946 3924 403d68 SendMessageA 3918->3924 3918->3928 3920->3917 3921->3918 3921->3922 3922->3928 3926 4039b7 3923->3926 3927 4039cc 3923->3927 3924->3928 3925->3917 3930 40140b 2 API calls 3926->3930 3929 40140b 2 API calls 3927->3929 3928->3915 3929->3918 3930->3918 3932 403b47 GetDlgItem 3931->3932 3933 403b64 ShowWindow KiUserCallbackDispatcher 3932->3933 3934 403b5c 3932->3934 3956 403db1 KiUserCallbackDispatcher 3933->3956 3934->3933 3936 403b8e KiUserCallbackDispatcher 3939 403ba2 3936->3939 3937 403ba7 GetSystemMenu EnableMenuItem SendMessageA 3938 403bd7 SendMessageA 3937->3938 3937->3939 3938->3939 3939->3937 3957 403dc4 SendMessageA 3939->3957 3958 4059dd lstrcpynA 3939->3958 3942 403c05 lstrlenA 3943 4059ff 18 API calls 3942->3943 3944 403c16 SetWindowTextA 3943->3944 3945 401389 2 API calls 3944->3945 3945->3917 3947 403c74 CreateDialogParamA 3946->3947 3946->3955 3948 403ca7 3947->3948 3947->3955 3949 403d8f 19 API calls 3948->3949 3950 403cb2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3949->3950 3951 401389 2 API calls 3950->3951 3952 403cf8 3951->3952 3952->3919 3953 403d00 ShowWindow 3952->3953 3954 403ddb SendMessageA 3953->3954 3954->3955 3955->3916 3955->3919 3956->3936 3957->3939 3958->3942 4318 40263e 4319 4029f6 18 API calls 4318->4319 4320 402645 FindFirstFileA 4319->4320 4321 402668 4320->4321 4322 402658 4320->4322 4323 40266f 4321->4323 4326 40593b wsprintfA 4321->4326 4327 4059dd lstrcpynA 4323->4327 4326->4323 4327->4322 4328 4024be 4329 4024c3 4328->4329 4330 4024d4 4328->4330 4331 4029d9 18 API calls 4329->4331 4332 4029f6 18 API calls 4330->4332 4334 4024ca 4331->4334 4333 4024db lstrlenA 4332->4333 4333->4334 4335 4024fa WriteFile 4334->4335 4336 40265c 4334->4336 4335->4336

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 004030CB, Relevance: 73.8, APIs: 24, Strings: 18, Instructions: 270filestringcomCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 0 4030cb-403160 #17 SetErrorMode OleInitialize call 405cff SHGetFileInfoA call 4059dd GetCommandLineA call 4059dd GetModuleHandleA 7 403162-403167 0->7 8 40316c-403181 call 4054fb CharNextA 0->8 7->8 11 4031e6-4031ea 8->11 12 403183-403186 11->12 13 4031ec 11->13 14 403188-40318c 12->14 15 40318e-403196 12->15 16 4031ff-403217 GetTempPathA call 403097 13->16 14->14 14->15 17 403198-403199 15->17 18 40319e-4031a1 15->18 25 403239-403250 DeleteFileA call 402c22 16->25 26 403219-403237 GetWindowsDirectoryA lstrcatA call 403097 16->26 17->18 20 4031a3-4031a7 18->20 21 4031d6-4031e3 call 4054fb 18->21 23 4031b7-4031bd 20->23 24 4031a9-4031b2 20->24 21->11 38 4031e5 21->38 30 4031cd-4031d4 23->30 31 4031bf-4031c8 23->31 24->23 28 4031b4 24->28 40 4032b7-4032c6 ExitProcess OleUninitialize 25->40 41 403252-403258 25->41 26->25 26->40 28->23 30->21 36 4031ee-4031fa call 4059dd 30->36 31->30 35 4031ca 31->35 35->30 36->16 38->11 44 4033b1-4033b7 40->44 45 4032cc-4032dc call 40529e ExitProcess 40->45 42 4032a7-4032ae call 403526 41->42 43 40325a-403263 call 4054fb 41->43 53 4032b3 42->53 58 40326e-403270 43->58 46 403434-40343c 44->46 47 4033b9-4033d6 call 405cff * 3 44->47 54 403442-403446 ExitProcess 46->54 55 40343e 46->55 73 403420-40342b ExitWindowsEx 47->73 74 4033d8-4033da 47->74 53->40 55->54 59 403272-40327c 58->59 60 403265-40326b 58->60 62 4032e2-4032fc lstrcatA lstrcmpiA 59->62 63 40327e-40328b call 4055b1 59->63 60->59 65 40326d 60->65 62->40 66 4032fe-403313 CreateDirectoryA SetCurrentDirectoryA 62->66 63->40 76 40328d-4032a3 call 4059dd * 2 63->76 65->58 69 403320-40333a call 4059dd 66->69 70 403315-40331b call 4059dd 66->70 84 40333f-40335b call 4059ff DeleteFileA 69->84 70->69 73->46 81 40342d-40342f call 40140b 73->81 74->73 78 4033dc-4033de 74->78 76->42 78->73 82 4033e0-4033f2 GetCurrentProcess 78->82 81->46 82->73 91 4033f4-403416 82->91 92 40339c-4033a3 84->92 93 40335d-40336d CopyFileA 84->93 91->73 92->84 94 4033a5-4033ac call 40572b 92->94 93->92 95 40336f-40338f call 40572b call 4059ff call 40523d 93->95 94->40 95->92 105 403391-403398 CloseHandle 95->105 105->92
                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v392;
				int _v396;
				int _v400;
				signed int _v404;
				CHAR* _v408;
				int _v412;
				struct _SECURITY_ATTRIBUTES* _v416;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				int _t50;
				signed int _t51;
				signed int _t54;
				int _t55;
				signed int _t59;
				intOrPtr _t70;
				intOrPtr _t76;
				void* _t78;
				void* _t88;
				void* _t90;
				char* _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t99;
				signed int _t102;
				CHAR* _t104;
				signed int _t105;
				intOrPtr _t112;
				char _t119;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t98 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f38 = _t34;
				 *0x423e84 = E00405CFF(8);
				SHGetFileInfoA(0x41f430, 0,  &_v360, 0x160, 0); // executed
				E004059DD("Unlocker 1.9.2 Setup", "NSIS Error");
				_t39 = GetCommandLineA();
				_t95 = "\"C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe\" ";
				E004059DD(_t95, _t39);
				 *0x423e80 = GetModuleHandleA(0);
				_t42 = _t95;
				if("\"C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E004054FB(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t90 =  *_t44;
					_t108 = _t90;
					if(_t90 == 0) {
						break;
					}
					__eflags = _t90 - 0x20;
					if(_t90 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E004054FB(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t98 = _t98 | 0x00000002;
									__eflags = _t98;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t98 = _t98 | 0x00000004;
									__eflags = _t98;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								_t45 = _t44 + 2;
								__eflags = _t44 + 2;
								E004059DD("C:\\Program Files\\Unlocker", _t45);
								L20:
								_t104 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t104);
								_t48 = E00403097(_t108);
								_t109 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C22(_t110, _t98); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										ExitProcess(); // executed
										__imp__OleUninitialize(); // executed
										if(_v404 == 0) {
											__eflags =  *0x423f14; // 0x0
											if(__eflags != 0) {
												_t105 = E00405CFF(3);
												_t99 = E00405CFF(4);
												_t54 = E00405CFF(5);
												__eflags = _t105;
												_t96 = _t54;
												if(_t105 != 0) {
													__eflags = _t99;
													if(_t99 != 0) {
														__eflags = _t96;
														if(_t96 != 0) {
															_t59 =  *_t105(GetCurrentProcess(), 0x28,  &_v392);
															__eflags = _t59;
															if(_t59 != 0) {
																 *_t99(0, "SeShutdownPrivilege",  &_v396);
																_v412 = 1;
																_v400 = 2;
																 *_t96(_v416, 0,  &_v412, 0, 0, 0);
															}
														}
													}
												}
												_t55 = ExitWindowsEx(2, 0);
												__eflags = _t55;
												if(_t55 == 0) {
													E0040140B(9);
												}
											}
											_t51 =  *0x423f2c; // 0xffffffff
											__eflags = _t51 - 0xffffffff;
											if(_t51 != 0xffffffff) {
												_v396 = _t51;
											}
											ExitProcess(_v396);
										}
										E0040529E(_v404, 0x200010);
										ExitProcess(2);
									}
									_t112 =  *0x423e9c; // 0x0
									if(_t112 == 0) {
										L31:
										 *0x423f2c =  *0x423f2c | 0xffffffff;
										_v400 = E00403526();
										goto L32;
									}
									_t102 = E004054FB(_t95, 0);
									while(_t102 >= _t95) {
										__eflags =  *_t102 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t102 = _t102 - 1;
										__eflags = _t102;
									}
									_t114 = _t102 - _t95;
									_v408 = "Error launching installer";
									if(_t102 < _t95) {
										lstrcatA(_t104, "~nsu.tmp");
										_t100 = "C:\\Users\\jones\\Desktop";
										if(lstrcmpiA(_t104, "C:\\Users\\jones\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t104, 0);
										SetCurrentDirectoryA(_t104);
										_t119 = "C:\\Program Files\\Unlocker"; // 0x43
										if(_t119 == 0) {
											E004059DD("C:\\Program Files\\Unlocker", _t100);
										}
										E004059DD(0x424000, _v396);
										"\"C:\\Users\\jones\\AppData\\Local\\Temp\\DeltaTB.exe\" /aflt=babsst /babTrack=\"affID=122471\" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt" = 0x41;
										_t97 = 0x1a;
										do {
											_t70 =  *0x423e90; // 0x471cb8
											E004059FF(0, _t97, 0x41f030, 0x41f030,  *((intOrPtr*)(_t70 + 0x120)));
											DeleteFileA(0x41f030);
											if(_v416 != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe", 0x41f030, 1) != 0) {
												_push(0);
												_push(0x41f030);
												E0040572B();
												_t76 =  *0x423e90; // 0x471cb8
												E004059FF(0, _t97, 0x41f030, 0x41f030,  *((intOrPtr*)(_t76 + 0x124)));
												_t78 = E0040523D(0x41f030);
												if(_t78 != 0) {
													CloseHandle(_t78);
													_v416 = 0;
												}
											}
											"\"C:\\Users\\jones\\AppData\\Local\\Temp\\DeltaTB.exe\" /aflt=babsst /babTrack=\"affID=122471\" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt" =  &("\"C:\\Users\\jones\\AppData\\Local\\Temp\\DeltaTB.exe\" /aflt=babsst /babTrack=\"affID=122471\" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt"[1]);
											_t97 = _t97 - 1;
										} while (_t97 != 0);
										_push(0);
										_push(_t104);
										E0040572B();
										goto L32;
									}
									 *_t102 = 0;
									_t103 = _t102 + 4;
									if(E004055B1(_t114, _t102 + 4) == 0) {
										goto L32;
									}
									E004059DD("C:\\Program Files\\Unlocker", _t103);
									E004059DD("C:\\Program Files\\Unlocker", _t103);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t104, 0x3fb);
								lstrcatA(_t104, "\\Temp");
								_t88 = E00403097(_t109);
								_t110 = _t88;
								if(_t88 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}









































                                                                                                                                                                                0x004030d7
                                                                                                                                                                                0x004030db
                                                                                                                                                                                0x004030e3
                                                                                                                                                                                0x004030e5
                                                                                                                                                                                0x004030ea
                                                                                                                                                                                0x004030f5
                                                                                                                                                                                0x004030fc
                                                                                                                                                                                0x00403104
                                                                                                                                                                                0x0040310e
                                                                                                                                                                                0x00403124
                                                                                                                                                                                0x00403134
                                                                                                                                                                                0x00403139
                                                                                                                                                                                0x0040313f
                                                                                                                                                                                0x00403146
                                                                                                                                                                                0x00403159
                                                                                                                                                                                0x0040315e
                                                                                                                                                                                0x00403160
                                                                                                                                                                                0x00403162
                                                                                                                                                                                0x00403167
                                                                                                                                                                                0x00403167
                                                                                                                                                                                0x00403177
                                                                                                                                                                                0x0040317d
                                                                                                                                                                                0x004031e6
                                                                                                                                                                                0x004031e6
                                                                                                                                                                                0x004031e8
                                                                                                                                                                                0x004031ea
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403183
                                                                                                                                                                                0x00403186
                                                                                                                                                                                0x0040318e
                                                                                                                                                                                0x0040318e
                                                                                                                                                                                0x00403191
                                                                                                                                                                                0x00403196
                                                                                                                                                                                0x00403198
                                                                                                                                                                                0x00403198
                                                                                                                                                                                0x00403199
                                                                                                                                                                                0x00403199
                                                                                                                                                                                0x0040319e
                                                                                                                                                                                0x004031a1
                                                                                                                                                                                0x004031d6
                                                                                                                                                                                0x004031db
                                                                                                                                                                                0x004031e0
                                                                                                                                                                                0x004031e3
                                                                                                                                                                                0x004031e5
                                                                                                                                                                                0x004031e5
                                                                                                                                                                                0x004031e5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004031a3
                                                                                                                                                                                0x004031a3
                                                                                                                                                                                0x004031a4
                                                                                                                                                                                0x004031a7
                                                                                                                                                                                0x004031af
                                                                                                                                                                                0x004031b2
                                                                                                                                                                                0x004031b4
                                                                                                                                                                                0x004031b4
                                                                                                                                                                                0x004031b4
                                                                                                                                                                                0x004031b2
                                                                                                                                                                                0x004031b7
                                                                                                                                                                                0x004031bd
                                                                                                                                                                                0x004031c5
                                                                                                                                                                                0x004031c8
                                                                                                                                                                                0x004031ca
                                                                                                                                                                                0x004031ca
                                                                                                                                                                                0x004031ca
                                                                                                                                                                                0x004031c8
                                                                                                                                                                                0x004031cd
                                                                                                                                                                                0x004031d4
                                                                                                                                                                                0x004031ee
                                                                                                                                                                                0x004031f1
                                                                                                                                                                                0x004031f1
                                                                                                                                                                                0x004031fa
                                                                                                                                                                                0x004031ff
                                                                                                                                                                                0x004031ff
                                                                                                                                                                                0x0040320a
                                                                                                                                                                                0x00403210
                                                                                                                                                                                0x00403215
                                                                                                                                                                                0x00403217
                                                                                                                                                                                0x00403239
                                                                                                                                                                                0x0040323e
                                                                                                                                                                                0x00403245
                                                                                                                                                                                0x0040324c
                                                                                                                                                                                0x00403250
                                                                                                                                                                                0x004032b7
                                                                                                                                                                                0x004032b7
                                                                                                                                                                                0x004032bc
                                                                                                                                                                                0x004032c6
                                                                                                                                                                                0x004033b1
                                                                                                                                                                                0x004033b7
                                                                                                                                                                                0x004033c2
                                                                                                                                                                                0x004033cb
                                                                                                                                                                                0x004033cd
                                                                                                                                                                                0x004033d2
                                                                                                                                                                                0x004033d4
                                                                                                                                                                                0x004033d6
                                                                                                                                                                                0x004033d8
                                                                                                                                                                                0x004033da
                                                                                                                                                                                0x004033dc
                                                                                                                                                                                0x004033de
                                                                                                                                                                                0x004033ee
                                                                                                                                                                                0x004033f0
                                                                                                                                                                                0x004033f2
                                                                                                                                                                                0x004033ff
                                                                                                                                                                                0x0040340e
                                                                                                                                                                                0x00403416
                                                                                                                                                                                0x0040341e
                                                                                                                                                                                0x0040341e
                                                                                                                                                                                0x004033f2
                                                                                                                                                                                0x004033de
                                                                                                                                                                                0x004033da
                                                                                                                                                                                0x00403423
                                                                                                                                                                                0x00403429
                                                                                                                                                                                0x0040342b
                                                                                                                                                                                0x0040342f
                                                                                                                                                                                0x0040342f
                                                                                                                                                                                0x0040342b
                                                                                                                                                                                0x00403434
                                                                                                                                                                                0x00403439
                                                                                                                                                                                0x0040343c
                                                                                                                                                                                0x0040343e
                                                                                                                                                                                0x0040343e
                                                                                                                                                                                0x00403446
                                                                                                                                                                                0x00403446
                                                                                                                                                                                0x004032d5
                                                                                                                                                                                0x004032dc
                                                                                                                                                                                0x004032dc
                                                                                                                                                                                0x00403252
                                                                                                                                                                                0x00403258
                                                                                                                                                                                0x004032a7
                                                                                                                                                                                0x004032a7
                                                                                                                                                                                0x004032b3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004032b3
                                                                                                                                                                                0x00403261
                                                                                                                                                                                0x0040326e
                                                                                                                                                                                0x00403265
                                                                                                                                                                                0x0040326b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040326d
                                                                                                                                                                                0x0040326d
                                                                                                                                                                                0x0040326d
                                                                                                                                                                                0x00403272
                                                                                                                                                                                0x00403274
                                                                                                                                                                                0x0040327c
                                                                                                                                                                                0x004032e8
                                                                                                                                                                                0x004032ed
                                                                                                                                                                                0x004032fc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403300
                                                                                                                                                                                0x00403307
                                                                                                                                                                                0x0040330d
                                                                                                                                                                                0x00403313
                                                                                                                                                                                0x0040331b
                                                                                                                                                                                0x0040331b
                                                                                                                                                                                0x00403329
                                                                                                                                                                                0x00403330
                                                                                                                                                                                0x00403339
                                                                                                                                                                                0x0040333f
                                                                                                                                                                                0x0040333f
                                                                                                                                                                                0x0040334b
                                                                                                                                                                                0x00403351
                                                                                                                                                                                0x0040335b
                                                                                                                                                                                0x0040336f
                                                                                                                                                                                0x00403370
                                                                                                                                                                                0x00403371
                                                                                                                                                                                0x00403376
                                                                                                                                                                                0x00403382
                                                                                                                                                                                0x00403388
                                                                                                                                                                                0x0040338f
                                                                                                                                                                                0x00403392
                                                                                                                                                                                0x00403398
                                                                                                                                                                                0x00403398
                                                                                                                                                                                0x0040338f
                                                                                                                                                                                0x0040339c
                                                                                                                                                                                0x004033a2
                                                                                                                                                                                0x004033a2
                                                                                                                                                                                0x004033a5
                                                                                                                                                                                0x004033a6
                                                                                                                                                                                0x004033a7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004033a7
                                                                                                                                                                                0x0040327e
                                                                                                                                                                                0x00403280
                                                                                                                                                                                0x0040328b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403293
                                                                                                                                                                                0x0040329e
                                                                                                                                                                                0x004032a3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004032a3
                                                                                                                                                                                0x0040321f
                                                                                                                                                                                0x0040322b
                                                                                                                                                                                0x00403230
                                                                                                                                                                                0x00403235
                                                                                                                                                                                0x00403237
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403237
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004031d4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403188
                                                                                                                                                                                0x00403188
                                                                                                                                                                                0x00403188
                                                                                                                                                                                0x00403189
                                                                                                                                                                                0x00403189
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403188
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • #17.COMCTL32 ref: 004030EA
                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 004030F5
                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 004030FC
                                                                                                                                                                                  • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                                                  • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                                                  • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                                                • SHGetFileInfoA.SHELL32(0041F430,00000000,?,00000160,00000000,00000008), ref: 00403124
                                                                                                                                                                                  • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,Unlocker 1.9.2 Setup,NSIS Error), ref: 004059EA
                                                                                                                                                                                • GetCommandLineA.KERNEL32(Unlocker 1.9.2 Setup,NSIS Error), ref: 00403139
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 0040314C
                                                                                                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000020), ref: 00403177
                                                                                                                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040320A
                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040321F
                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040322B
                                                                                                                                                                                • DeleteFileA.KERNELBASE(1033), ref: 0040323E
                                                                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 004032B7
                                                                                                                                                                                • OleUninitialize.OLE32(00000000), ref: 004032BC
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004032DC
                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000,00000000), ref: 004032E8
                                                                                                                                                                                • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000,00000000), ref: 004032F4
                                                                                                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403300
                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403307
                                                                                                                                                                                • DeleteFileA.KERNEL32(0041F030,0041F030,?,00424000,?), ref: 00403351
                                                                                                                                                                                • CopyFileA.KERNEL32 ref: 00403365
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0041F030,0041F030,?,0041F030,00000000), ref: 00403392
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 004033E7
                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403423
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403446
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                • String ID: /D=$ _?=$"$"C:\Users\user\AppData\Local\Temp\DeltaTB.exe" /aflt=babsst /babTrack="affID=122471" /srcExt=ss /instlRef=sst /S /mtb /mds /mhp /mnt$"C:\Users\user\Desktop\Unlocker1.9.2.exe" $1033$C:\Program Files\Unlocker$C:\Program Files\Unlocker$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Unlocker1.9.2.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$Unlocker 1.9.2 Setup$\Temp$~nsu.tmp
                                                                                                                                                                                • API String ID: 553446912-1810093464
                                                                                                                                                                                • Opcode ID: a19d3eb581d25ceee7db0395522459586b67666d40a4dd21a24ca1e1399dfb9b
                                                                                                                                                                                • Instruction ID: cc286ec977d2638fbe9c092aa5ad16f4889e12429ffafd7da1ab197300c5bae6
                                                                                                                                                                                • Opcode Fuzzy Hash: a19d3eb581d25ceee7db0395522459586b67666d40a4dd21a24ca1e1399dfb9b
                                                                                                                                                                                • Instruction Fuzzy Hash: 9691B170A08340AED7216F619D49B6B7EACEB0530AF44047FF581B62D2C77C9E458B6E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00404EB9, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 106 404eb9-404ed4 107 405065-40506c 106->107 108 404eda-404fa3 GetDlgItem * 3 call 403dc4 call 40461d GetClientRect GetSystemMetrics SendMessageA * 2 106->108 110 405096-4050a3 107->110 111 40506e-405090 GetDlgItem CreateThread CloseHandle 107->111 128 404fc1-404fc4 108->128 129 404fa5-404fbf SendMessageA * 2 108->129 113 4050c1-4050c8 110->113 114 4050a5-4050ab 110->114 111->110 118 4050ca-4050d0 113->118 119 40511f-405123 113->119 116 4050e3-4050ec call 403df6 114->116 117 4050ad-4050bc ShowWindow * 2 call 403dc4 114->117 132 4050f1-4050f5 116->132 117->113 123 4050d2-4050de call 403d68 118->123 124 4050f8-405108 ShowWindow 118->124 119->116 121 405125-405128 119->121 121->116 130 40512a-40513d SendMessageA 121->130 123->116 126 405118-40511a call 403d68 124->126 127 40510a-405113 call 404d7b 124->127 126->119 127->126 135 404fd4-404feb call 403d8f 128->135 136 404fc6-404fd2 SendMessageA 128->136 129->128 137 405143-405164 CreatePopupMenu call 4059ff AppendMenuA 130->137 138 405236-405238 130->138 145 405021-405042 GetDlgItem SendMessageA 135->145 146 404fed-405001 ShowWindow 135->146 136->135 143 405166-405177 GetWindowRect 137->143 144 405179-40517f 137->144 138->132 148 405182-40519a TrackPopupMenu 143->148 144->148 145->138 147 405048-405060 SendMessageA * 2 145->147 149 405010 146->149 150 405003-40500e ShowWindow 146->150 147->138 148->138 151 4051a0-4051b7 148->151 152 405016-40501c call 403dc4 149->152 150->152 154 4051bc-4051d7 SendMessageA 151->154 152->145 154->154 155 4051d9-4051f9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 154->155 156 4051fb-40521a SendMessageA 155->156 156->156 157 40521c-405230 GlobalUnlock SetClipboardData CloseClipboard 156->157 157->138
                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                			E00404EB9(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t112;
				void* _t120;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423664; // 0x6029c
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						_t120 = CreateThread(0, 0, E00404E4D, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						CloseHandle(_t120);
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E004059FF(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x420478;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42364c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423e88, 8);
							__eflags =  *0x423f0c - _t149; // 0x0
							if(__eflags == 0) {
								_t112 =  *0x41fc48; // 0x471f24
								E00404D7B( *((intOrPtr*)(_t112 + 0x34)), _t149); // executed
							}
							E00403D68(1);
							goto L25;
						}
						 *0x41f840 = 2;
						E00403D68(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403DF6(_a8, _a12, _a16);
						}
						ShowWindow( *0x423650, _t149);
						ShowWindow(_t154, 8);
						E00403DC4(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423e90; // 0x471cb8
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423650 = GetDlgItem(_a4, 0x403);
				 *0x423648 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423664 = _t127;
				_v8 = _t127;
				E00403DC4( *0x423650);
				 *0x423654 = E0040461D(4);
				 *0x42366c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403D8F(_a4);
				if(( *0x423e98 & 0x00000003) != 0) {
					ShowWindow( *0x423650, _t149); // executed
					if(( *0x423e98 & 0x00000002) != 0) {
						 *0x423650 = _t149;
					} else {
						ShowWindow(_v8, 8); // executed
					}
					E00403DC4( *0x423648);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423e98 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}




































                                                                                                                                                                                0x00404ec2
                                                                                                                                                                                0x00404ec8
                                                                                                                                                                                0x00404ed1
                                                                                                                                                                                0x00404ed4
                                                                                                                                                                                0x00405065
                                                                                                                                                                                0x0040506c
                                                                                                                                                                                0x00405089
                                                                                                                                                                                0x00405090
                                                                                                                                                                                0x00405090
                                                                                                                                                                                0x00405096
                                                                                                                                                                                0x004050a3
                                                                                                                                                                                0x004050c1
                                                                                                                                                                                0x004050c1
                                                                                                                                                                                0x004050c8
                                                                                                                                                                                0x0040511f
                                                                                                                                                                                0x0040511f
                                                                                                                                                                                0x00405123
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405125
                                                                                                                                                                                0x00405128
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405132
                                                                                                                                                                                0x00405138
                                                                                                                                                                                0x0040513a
                                                                                                                                                                                0x0040513d
                                                                                                                                                                                0x00405236
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405236
                                                                                                                                                                                0x0040514c
                                                                                                                                                                                0x00405158
                                                                                                                                                                                0x0040515e
                                                                                                                                                                                0x00405161
                                                                                                                                                                                0x00405164
                                                                                                                                                                                0x00405179
                                                                                                                                                                                0x0040517c
                                                                                                                                                                                0x0040517c
                                                                                                                                                                                0x0040517f
                                                                                                                                                                                0x00405166
                                                                                                                                                                                0x0040516b
                                                                                                                                                                                0x00405171
                                                                                                                                                                                0x00405174
                                                                                                                                                                                0x00405174
                                                                                                                                                                                0x0040518f
                                                                                                                                                                                0x00405197
                                                                                                                                                                                0x00405198
                                                                                                                                                                                0x0040519a
                                                                                                                                                                                0x004051a3
                                                                                                                                                                                0x004051a6
                                                                                                                                                                                0x004051ad
                                                                                                                                                                                0x004051b4
                                                                                                                                                                                0x004051bc
                                                                                                                                                                                0x004051bc
                                                                                                                                                                                0x004051ca
                                                                                                                                                                                0x004051d0
                                                                                                                                                                                0x004051d3
                                                                                                                                                                                0x004051d3
                                                                                                                                                                                0x004051da
                                                                                                                                                                                0x004051e0
                                                                                                                                                                                0x004051e9
                                                                                                                                                                                0x004051f0
                                                                                                                                                                                0x004051f9
                                                                                                                                                                                0x004051fb
                                                                                                                                                                                0x004051fe
                                                                                                                                                                                0x0040520d
                                                                                                                                                                                0x0040520f
                                                                                                                                                                                0x00405215
                                                                                                                                                                                0x00405216
                                                                                                                                                                                0x00405217
                                                                                                                                                                                0x00405217
                                                                                                                                                                                0x0040521f
                                                                                                                                                                                0x0040522a
                                                                                                                                                                                0x00405230
                                                                                                                                                                                0x00405230
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040519a
                                                                                                                                                                                0x004050ca
                                                                                                                                                                                0x004050d0
                                                                                                                                                                                0x00405100
                                                                                                                                                                                0x00405102
                                                                                                                                                                                0x00405108
                                                                                                                                                                                0x0040510a
                                                                                                                                                                                0x00405113
                                                                                                                                                                                0x00405113
                                                                                                                                                                                0x0040511a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040511a
                                                                                                                                                                                0x004050d4
                                                                                                                                                                                0x004050de
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004050a5
                                                                                                                                                                                0x004050a5
                                                                                                                                                                                0x004050ab
                                                                                                                                                                                0x004050e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004050ec
                                                                                                                                                                                0x004050b4
                                                                                                                                                                                0x004050b9
                                                                                                                                                                                0x004050bc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004050bc
                                                                                                                                                                                0x004050a3
                                                                                                                                                                                0x00404eda
                                                                                                                                                                                0x00404ede
                                                                                                                                                                                0x00404ee7
                                                                                                                                                                                0x00404eee
                                                                                                                                                                                0x00404ef1
                                                                                                                                                                                0x00404ef4
                                                                                                                                                                                0x00404ef7
                                                                                                                                                                                0x00404ef8
                                                                                                                                                                                0x00404ef9
                                                                                                                                                                                0x00404f12
                                                                                                                                                                                0x00404f15
                                                                                                                                                                                0x00404f1f
                                                                                                                                                                                0x00404f2e
                                                                                                                                                                                0x00404f36
                                                                                                                                                                                0x00404f3e
                                                                                                                                                                                0x00404f43
                                                                                                                                                                                0x00404f46
                                                                                                                                                                                0x00404f52
                                                                                                                                                                                0x00404f5b
                                                                                                                                                                                0x00404f64
                                                                                                                                                                                0x00404f87
                                                                                                                                                                                0x00404f8d
                                                                                                                                                                                0x00404f9e
                                                                                                                                                                                0x00404fa3
                                                                                                                                                                                0x00404fb1
                                                                                                                                                                                0x00404fbf
                                                                                                                                                                                0x00404fbf
                                                                                                                                                                                0x00404fc4
                                                                                                                                                                                0x00404fd2
                                                                                                                                                                                0x00404fd2
                                                                                                                                                                                0x00404fd7
                                                                                                                                                                                0x00404fda
                                                                                                                                                                                0x00404fdf
                                                                                                                                                                                0x00404feb
                                                                                                                                                                                0x00404ff4
                                                                                                                                                                                0x00405001
                                                                                                                                                                                0x00405010
                                                                                                                                                                                0x00405003
                                                                                                                                                                                0x00405008
                                                                                                                                                                                0x00405008
                                                                                                                                                                                0x0040501c
                                                                                                                                                                                0x0040501c
                                                                                                                                                                                0x00405030
                                                                                                                                                                                0x00405039
                                                                                                                                                                                0x00405042
                                                                                                                                                                                0x00405052
                                                                                                                                                                                0x0040505e
                                                                                                                                                                                0x0040505e
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00404F18
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00404F27
                                                                                                                                                                                • GetClientRect.USER32 ref: 00404F64
                                                                                                                                                                                • GetSystemMetrics.USER32 ref: 00404F6C
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404F8D
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404F9E
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404FB1
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404FBF
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404FD2
                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00404FF4
                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405008
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00405029
                                                                                                                                                                                • SendMessageA.USER32 ref: 00405039
                                                                                                                                                                                • SendMessageA.USER32 ref: 00405052
                                                                                                                                                                                • SendMessageA.USER32 ref: 0040505E
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00404F36
                                                                                                                                                                                  • Part of subcall function 00403DC4: SendMessageA.USER32 ref: 00403DD2
                                                                                                                                                                                • GetDlgItem.USER32 ref: 0040507B
                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_00004E4D,00000000), ref: 00405089
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405090
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004050B4
                                                                                                                                                                                • ShowWindow.USER32(0006029C,00000008), ref: 004050B9
                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405100
                                                                                                                                                                                • SendMessageA.USER32 ref: 00405132
                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00405143
                                                                                                                                                                                • AppendMenuA.USER32 ref: 00405158
                                                                                                                                                                                • GetWindowRect.USER32 ref: 0040516B
                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040518F
                                                                                                                                                                                • SendMessageA.USER32 ref: 004051CA
                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 004051DA
                                                                                                                                                                                • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004051E0
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004051E9
                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 004051F3
                                                                                                                                                                                • SendMessageA.USER32 ref: 00405207
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040521F
                                                                                                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 0040522A
                                                                                                                                                                                • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 00405230
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                • String ID: {
                                                                                                                                                                                • API String ID: 590372296-366298937
                                                                                                                                                                                • Opcode ID: b13129ba0f669a28ca00f61caf8228dce9fca78b393cc99d7b0e47fba99552ae
                                                                                                                                                                                • Instruction ID: d8c2bf4a41f8d47596d7e212a196e63f96e24a60825c263716f9721a4c55cacb
                                                                                                                                                                                • Opcode Fuzzy Hash: b13129ba0f669a28ca00f61caf8228dce9fca78b393cc99d7b0e47fba99552ae
                                                                                                                                                                                • Instruction Fuzzy Hash: 99A13A71900208BFDB219F60DD89EAE7F79FB04355F00817AFA04BA2A0C7799A51DF59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004046CA, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 158 4046ca-404718 GetDlgItem * 2 159 404940-404947 158->159 160 40471e-4047b5 GlobalAlloc LoadBitmapA SetWindowLongA ImageList_Create ImageList_AddMasked SendMessageA * 2 158->160 161 404949-404959 159->161 162 40495b 159->162 163 4047c4-4047cd DeleteObject 160->163 164 4047b7-4047c2 SendMessageA 160->164 165 40495e-404967 161->165 162->165 166 4047cf-4047d7 163->166 164->163 167 404972-404978 165->167 168 404969-40496c 165->168 169 404800-404804 166->169 170 4047d9-4047dc 166->170 175 404987-40498e 167->175 176 40497a-404981 167->176 168->167 172 404a59-404a60 168->172 169->166 171 404806-404832 call 403d8f * 2 169->171 173 4047e1-4047fe call 4059ff SendMessageA * 2 170->173 174 4047de 170->174 214 404838-40483e 171->214 215 4048fc-40490f GetWindowLongA SetWindowLongA 171->215 180 404a62-404a68 172->180 181 404ad4-404adb 172->181 173->169 174->173 177 404990-404993 175->177 178 404a06-404a09 175->178 176->172 176->175 186 404995-40499c 177->186 187 40499e-4049b1 call 40464a 177->187 178->172 191 404a0b-404a15 178->191 189 404cb6-404cc8 call 403df6 180->189 190 404a6e-404a78 180->190 183 404ae9-404af0 181->183 184 404add-404ae7 SendMessageA 181->184 194 404af2-404af9 183->194 195 404b24-404b2b 183->195 184->183 186->178 186->187 187->178 213 4049b3-4049c4 187->213 190->189 198 404a7e-404a8d SendMessageA 190->198 192 404a25-404a2f 191->192 193 404a17-404a23 SendMessageA 191->193 192->172 200 404a31-404a35 192->200 193->192 201 404b02-404b09 194->201 202 404afb-404afc ImageList_Destroy 194->202 205 404b31-404b3b call 4011ef 195->205 206 404c78-404c7f 195->206 198->189 207 404a93-404aa4 SendMessageA 198->207 209 404a37-404a47 200->209 210 404a49-404a56 200->210 211 404b12-404b1e 201->211 212 404b0b-404b0c GlobalFree 201->212 202->201 232 404b44-404b47 205->232 233 404b3d-404b3f call 40140b 205->233 206->189 217 404c81-404c88 206->217 218 404aa6-404aac 207->218 219 404aae-404ab0 207->219 209->172 210->172 211->195 212->211 213->178 221 4049c6-4049c9 213->221 222 404841-404847 214->222 220 404915-404919 215->220 217->189 224 404c8a-404cb4 ShowWindow GetDlgItem ShowWindow 217->224 218->219 225 404ab1-404acd call 401299 SendMessageA 218->225 219->225 226 404933-40493e call 403dc4 220->226 227 40491b-40492e ShowWindow call 403dc4 220->227 228 4049cb-4049d3 221->228 229 4049df 221->229 230 4048dd-4048f0 222->230 231 40484d-404875 222->231 224->189 225->181 226->159 227->189 237 4049d5-4049d8 228->237 238 4049da-4049dd 228->238 241 4049e2-404a03 call 40117d 229->241 230->222 246 4048f6-4048fa 230->246 239 404877-4048ad SendMessageA 231->239 240 4048af-4048b1 231->240 243 404b88-404bac call 4011ef 232->243 244 404b49-404b62 call 4012e2 call 401299 232->244 233->232 237->241 238->241 239->230 250 4048b3-4048c2 SendMessageA 240->250 251 4048c4-4048da SendMessageA 240->251 241->178 258 404bb2 243->258 259 404c4e-404c62 InvalidateRect 243->259 263 404b72-404b81 SendMessageA 244->263 264 404b64-404b6a 244->264 246->215 246->220 250->230 251->230 262 404bb5-404bc0 258->262 259->206 261 404c64-404c73 call 40461d call 404568 259->261 261->206 266 404bc2-404bd1 262->266 267 404c36-404c48 262->267 263->243 268 404b6c 264->268 269 404b6d-404b70 264->269 271 404bd3-404be0 266->271 272 404be4-404be7 266->272 267->259 267->262 268->269 269->263 269->264 271->272 274 404be9-404bec 272->274 275 404bee-404bf7 272->275 276 404bfc-404c34 SendMessageA * 2 274->276 275->276 277 404bf9 275->277 276->267 277->276
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E004046CA(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t271;
				long _t274;
				int _t277;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ea8; // 0x471fe4
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423e90; // 0x471cb8
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423e99 & 0x00000002;
							if(( *0x423e99 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E0040464A(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423e98; // 0xa1
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x420454;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42046c;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x420454 = _t315;
									 *0x42046c = _t315;
									 *0x423ee0 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423e99 & 0x00000001;
										if(( *0x423e99 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423eac - _t315; // 0x7
										_v32 =  *0x42046c;
										_t196 =  *0x423ea8; // 0x471fe4
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42365c; // 0x4992b3
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E00404568(0x3ff, 0xfffffffb, E0040461D(5)); // executed
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x471fec
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x471ffc
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72); // executed
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423eac; // 0x7
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42046c);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423ee0 = _a4;
					_t247 =  *0x423eac; // 0x7
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42046c = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423e80, 0x6e);
					 *0x420460 =  *0x420460 | 0xffffffff;
					_v24 = _t250;
					 *0x420468 = SetWindowLongA(_v8, 0xfffffffc, E00404CCB);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420454 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420454);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							_t277 = SendMessageA(_v12, 0x143, _t315, E004059FF(_t286, _t315, _t320, _t315, _t258)); // executed
							SendMessageA(_v12, 0x151, _t277, _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403D8F(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403D8F(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423eac - _t318; // 0x7
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										_t271 = SendMessageA(_v8, 0x1100, 0,  &_v84); // executed
										 *( *0x42046c + _t318 * 4) = _t271;
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42046c + _t318 * 4) = _t274;
									_t288 =  *( *0x42046c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423eac; // 0x7
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403DC4(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403DC4(_v12);
								L89:
								return E00403DF6(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}








































































                                                                                                                                                                                0x004046e8
                                                                                                                                                                                0x004046ee
                                                                                                                                                                                0x004046f0
                                                                                                                                                                                0x004046f6
                                                                                                                                                                                0x004046fc
                                                                                                                                                                                0x004046ff
                                                                                                                                                                                0x00404709
                                                                                                                                                                                0x00404712
                                                                                                                                                                                0x00404715
                                                                                                                                                                                0x00404718
                                                                                                                                                                                0x00404940
                                                                                                                                                                                0x00404940
                                                                                                                                                                                0x00404947
                                                                                                                                                                                0x0040495b
                                                                                                                                                                                0x00404949
                                                                                                                                                                                0x0040494b
                                                                                                                                                                                0x0040494e
                                                                                                                                                                                0x0040494f
                                                                                                                                                                                0x00404956
                                                                                                                                                                                0x00404956
                                                                                                                                                                                0x0040495e
                                                                                                                                                                                0x00404967
                                                                                                                                                                                0x00404972
                                                                                                                                                                                0x00404972
                                                                                                                                                                                0x00404975
                                                                                                                                                                                0x00404978
                                                                                                                                                                                0x00404987
                                                                                                                                                                                0x00404987
                                                                                                                                                                                0x0040498e
                                                                                                                                                                                0x00404a06
                                                                                                                                                                                0x00404a06
                                                                                                                                                                                0x00404a09
                                                                                                                                                                                0x00404a0b
                                                                                                                                                                                0x00404a0e
                                                                                                                                                                                0x00404a15
                                                                                                                                                                                0x00404a23
                                                                                                                                                                                0x00404a23
                                                                                                                                                                                0x00404a25
                                                                                                                                                                                0x00404a28
                                                                                                                                                                                0x00404a2f
                                                                                                                                                                                0x00404a31
                                                                                                                                                                                0x00404a35
                                                                                                                                                                                0x00404a52
                                                                                                                                                                                0x00404a56
                                                                                                                                                                                0x00404a56
                                                                                                                                                                                0x00404a37
                                                                                                                                                                                0x00404a44
                                                                                                                                                                                0x00404a44
                                                                                                                                                                                0x00404a35
                                                                                                                                                                                0x00404a2f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404a09
                                                                                                                                                                                0x00404990
                                                                                                                                                                                0x00404993
                                                                                                                                                                                0x0040499e
                                                                                                                                                                                0x004049a0
                                                                                                                                                                                0x004049a3
                                                                                                                                                                                0x004049aa
                                                                                                                                                                                0x004049af
                                                                                                                                                                                0x004049b1
                                                                                                                                                                                0x004049bb
                                                                                                                                                                                0x004049bb
                                                                                                                                                                                0x004049bf
                                                                                                                                                                                0x004049c1
                                                                                                                                                                                0x004049c4
                                                                                                                                                                                0x004049c6
                                                                                                                                                                                0x004049c9
                                                                                                                                                                                0x004049df
                                                                                                                                                                                0x004049df
                                                                                                                                                                                0x004049cb
                                                                                                                                                                                0x004049cb
                                                                                                                                                                                0x004049d1
                                                                                                                                                                                0x004049d3
                                                                                                                                                                                0x004049da
                                                                                                                                                                                0x004049d5
                                                                                                                                                                                0x004049d5
                                                                                                                                                                                0x004049d5
                                                                                                                                                                                0x004049d3
                                                                                                                                                                                0x004049e3
                                                                                                                                                                                0x004049e5
                                                                                                                                                                                0x004049ea
                                                                                                                                                                                0x004049f3
                                                                                                                                                                                0x004049f4
                                                                                                                                                                                0x004049fe
                                                                                                                                                                                0x004049fe
                                                                                                                                                                                0x00404a00
                                                                                                                                                                                0x00404a03
                                                                                                                                                                                0x00404a03
                                                                                                                                                                                0x004049c4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004049b1
                                                                                                                                                                                0x00404995
                                                                                                                                                                                0x00404998
                                                                                                                                                                                0x0040499c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040499c
                                                                                                                                                                                0x0040497a
                                                                                                                                                                                0x00404981
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404969
                                                                                                                                                                                0x00404969
                                                                                                                                                                                0x0040496c
                                                                                                                                                                                0x00404a59
                                                                                                                                                                                0x00404a59
                                                                                                                                                                                0x00404a60
                                                                                                                                                                                0x00404ad4
                                                                                                                                                                                0x00404ad4
                                                                                                                                                                                0x00404adb
                                                                                                                                                                                0x00404ae7
                                                                                                                                                                                0x00404ae7
                                                                                                                                                                                0x00404ae9
                                                                                                                                                                                0x00404af0
                                                                                                                                                                                0x00404af2
                                                                                                                                                                                0x00404af7
                                                                                                                                                                                0x00404af9
                                                                                                                                                                                0x00404afc
                                                                                                                                                                                0x00404afc
                                                                                                                                                                                0x00404b02
                                                                                                                                                                                0x00404b07
                                                                                                                                                                                0x00404b09
                                                                                                                                                                                0x00404b0c
                                                                                                                                                                                0x00404b0c
                                                                                                                                                                                0x00404b12
                                                                                                                                                                                0x00404b18
                                                                                                                                                                                0x00404b1e
                                                                                                                                                                                0x00404b1e
                                                                                                                                                                                0x00404b24
                                                                                                                                                                                0x00404b2b
                                                                                                                                                                                0x00404c78
                                                                                                                                                                                0x00404c78
                                                                                                                                                                                0x00404c7f
                                                                                                                                                                                0x00404c81
                                                                                                                                                                                0x00404c88
                                                                                                                                                                                0x00404c8c
                                                                                                                                                                                0x00404c99
                                                                                                                                                                                0x00404c99
                                                                                                                                                                                0x00404c9c
                                                                                                                                                                                0x00404ca2
                                                                                                                                                                                0x00404cb4
                                                                                                                                                                                0x00404cb4
                                                                                                                                                                                0x00404c88
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404b31
                                                                                                                                                                                0x00404b33
                                                                                                                                                                                0x00404b38
                                                                                                                                                                                0x00404b3b
                                                                                                                                                                                0x00404b3f
                                                                                                                                                                                0x00404b3f
                                                                                                                                                                                0x00404b44
                                                                                                                                                                                0x00404b47
                                                                                                                                                                                0x00404b88
                                                                                                                                                                                0x00404b8a
                                                                                                                                                                                0x00404b94
                                                                                                                                                                                0x00404b9a
                                                                                                                                                                                0x00404b9d
                                                                                                                                                                                0x00404ba2
                                                                                                                                                                                0x00404ba9
                                                                                                                                                                                0x00404bac
                                                                                                                                                                                0x00404c4e
                                                                                                                                                                                0x00404c54
                                                                                                                                                                                0x00404c5a
                                                                                                                                                                                0x00404c5f
                                                                                                                                                                                0x00404c62
                                                                                                                                                                                0x00404c73
                                                                                                                                                                                0x00404c73
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404bb2
                                                                                                                                                                                0x00404bb2
                                                                                                                                                                                0x00404bb2
                                                                                                                                                                                0x00404bb5
                                                                                                                                                                                0x00404bbb
                                                                                                                                                                                0x00404bbe
                                                                                                                                                                                0x00404bc0
                                                                                                                                                                                0x00404bc2
                                                                                                                                                                                0x00404bc4
                                                                                                                                                                                0x00404bc7
                                                                                                                                                                                0x00404bca
                                                                                                                                                                                0x00404bd1
                                                                                                                                                                                0x00404bd3
                                                                                                                                                                                0x00404bd6
                                                                                                                                                                                0x00404bdd
                                                                                                                                                                                0x00404be0
                                                                                                                                                                                0x00404be0
                                                                                                                                                                                0x00404be0
                                                                                                                                                                                0x00404be0
                                                                                                                                                                                0x00404be4
                                                                                                                                                                                0x00404be7
                                                                                                                                                                                0x00404bf3
                                                                                                                                                                                0x00404bf4
                                                                                                                                                                                0x00404bf7
                                                                                                                                                                                0x00404bf9
                                                                                                                                                                                0x00404bf9
                                                                                                                                                                                0x00404bf9
                                                                                                                                                                                0x00404be9
                                                                                                                                                                                0x00404beb
                                                                                                                                                                                0x00404beb
                                                                                                                                                                                0x00404c18
                                                                                                                                                                                0x00404c18
                                                                                                                                                                                0x00404c19
                                                                                                                                                                                0x00404c25
                                                                                                                                                                                0x00404c34
                                                                                                                                                                                0x00404c34
                                                                                                                                                                                0x00404c36
                                                                                                                                                                                0x00404c39
                                                                                                                                                                                0x00404c42
                                                                                                                                                                                0x00404c42
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404bb5
                                                                                                                                                                                0x00404b49
                                                                                                                                                                                0x00404b54
                                                                                                                                                                                0x00404b57
                                                                                                                                                                                0x00404b5c
                                                                                                                                                                                0x00404b5e
                                                                                                                                                                                0x00404b60
                                                                                                                                                                                0x00404b62
                                                                                                                                                                                0x00404b72
                                                                                                                                                                                0x00404b7c
                                                                                                                                                                                0x00404b7e
                                                                                                                                                                                0x00404b81
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404b64
                                                                                                                                                                                0x00404b64
                                                                                                                                                                                0x00404b64
                                                                                                                                                                                0x00404b67
                                                                                                                                                                                0x00404b6a
                                                                                                                                                                                0x00404b6c
                                                                                                                                                                                0x00404b6c
                                                                                                                                                                                0x00404b6c
                                                                                                                                                                                0x00404b6d
                                                                                                                                                                                0x00404b6e
                                                                                                                                                                                0x00404b6e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404b64
                                                                                                                                                                                0x00404b47
                                                                                                                                                                                0x00404b2b
                                                                                                                                                                                0x00404a62
                                                                                                                                                                                0x00404a68
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404a74
                                                                                                                                                                                0x00404a78
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404a88
                                                                                                                                                                                0x00404a8a
                                                                                                                                                                                0x00404a8d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404a9f
                                                                                                                                                                                0x00404aa1
                                                                                                                                                                                0x00404aa4
                                                                                                                                                                                0x00404aae
                                                                                                                                                                                0x00404ab0
                                                                                                                                                                                0x00404ab1
                                                                                                                                                                                0x00404ab2
                                                                                                                                                                                0x00404ac1
                                                                                                                                                                                0x00404ac3
                                                                                                                                                                                0x00404aca
                                                                                                                                                                                0x00404acd
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404acd
                                                                                                                                                                                0x00404aa6
                                                                                                                                                                                0x00404aa9
                                                                                                                                                                                0x00404aac
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404aac
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040496c
                                                                                                                                                                                0x0040471e
                                                                                                                                                                                0x00404723
                                                                                                                                                                                0x00404728
                                                                                                                                                                                0x0040472d
                                                                                                                                                                                0x0040472e
                                                                                                                                                                                0x00404737
                                                                                                                                                                                0x00404742
                                                                                                                                                                                0x0040474d
                                                                                                                                                                                0x00404753
                                                                                                                                                                                0x00404761
                                                                                                                                                                                0x00404776
                                                                                                                                                                                0x0040477b
                                                                                                                                                                                0x00404786
                                                                                                                                                                                0x0040478f
                                                                                                                                                                                0x004047a4
                                                                                                                                                                                0x004047b5
                                                                                                                                                                                0x004047c2
                                                                                                                                                                                0x004047c2
                                                                                                                                                                                0x004047c7
                                                                                                                                                                                0x004047cd
                                                                                                                                                                                0x004047cf
                                                                                                                                                                                0x004047d2
                                                                                                                                                                                0x004047d7
                                                                                                                                                                                0x004047dc
                                                                                                                                                                                0x004047de
                                                                                                                                                                                0x004047de
                                                                                                                                                                                0x004047f2
                                                                                                                                                                                0x004047fe
                                                                                                                                                                                0x004047fe
                                                                                                                                                                                0x00404800
                                                                                                                                                                                0x00404801
                                                                                                                                                                                0x00404806
                                                                                                                                                                                0x00404809
                                                                                                                                                                                0x0040480c
                                                                                                                                                                                0x00404810
                                                                                                                                                                                0x00404815
                                                                                                                                                                                0x0040481a
                                                                                                                                                                                0x0040481e
                                                                                                                                                                                0x00404823
                                                                                                                                                                                0x00404828
                                                                                                                                                                                0x0040482a
                                                                                                                                                                                0x0040482c
                                                                                                                                                                                0x00404832
                                                                                                                                                                                0x004048fc
                                                                                                                                                                                0x0040490f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404838
                                                                                                                                                                                0x0040483b
                                                                                                                                                                                0x0040483e
                                                                                                                                                                                0x00404841
                                                                                                                                                                                0x00404841
                                                                                                                                                                                0x00404847
                                                                                                                                                                                0x0040484d
                                                                                                                                                                                0x00404850
                                                                                                                                                                                0x00404856
                                                                                                                                                                                0x00404857
                                                                                                                                                                                0x0040485c
                                                                                                                                                                                0x00404865
                                                                                                                                                                                0x0040486c
                                                                                                                                                                                0x0040486f
                                                                                                                                                                                0x00404872
                                                                                                                                                                                0x00404875
                                                                                                                                                                                0x004048af
                                                                                                                                                                                0x004048b1
                                                                                                                                                                                0x004048d2
                                                                                                                                                                                0x004048da
                                                                                                                                                                                0x004048b3
                                                                                                                                                                                0x004048c0
                                                                                                                                                                                0x004048c0
                                                                                                                                                                                0x00404877
                                                                                                                                                                                0x0040487a
                                                                                                                                                                                0x00404889
                                                                                                                                                                                0x00404893
                                                                                                                                                                                0x0040489b
                                                                                                                                                                                0x004048a2
                                                                                                                                                                                0x004048aa
                                                                                                                                                                                0x004048aa
                                                                                                                                                                                0x00404875
                                                                                                                                                                                0x004048e0
                                                                                                                                                                                0x004048e1
                                                                                                                                                                                0x004048e7
                                                                                                                                                                                0x004048ed
                                                                                                                                                                                0x004048ed
                                                                                                                                                                                0x004048fa
                                                                                                                                                                                0x00404915
                                                                                                                                                                                0x00404919
                                                                                                                                                                                0x00404936
                                                                                                                                                                                0x0040493b
                                                                                                                                                                                0x0040493e
                                                                                                                                                                                0x0040493e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040491b
                                                                                                                                                                                0x00404920
                                                                                                                                                                                0x00404929
                                                                                                                                                                                0x00404cb6
                                                                                                                                                                                0x00404cc8
                                                                                                                                                                                0x00404cc8
                                                                                                                                                                                0x00404919
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004048fa
                                                                                                                                                                                0x00404832

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                • String ID: $M$N
                                                                                                                                                                                • API String ID: 1638840714-813528018
                                                                                                                                                                                • Opcode ID: 6f88420c93d77387f0f24d9c6c19e635542aef09cd36cac9f532a381c639e13e
                                                                                                                                                                                • Instruction ID: 1ebc4e1f5dd1db854d7f91ec63dfd1d34711f9484ded547680f267f962745bc2
                                                                                                                                                                                • Opcode Fuzzy Hash: 6f88420c93d77387f0f24d9c6c19e635542aef09cd36cac9f532a381c639e13e
                                                                                                                                                                                • Instruction Fuzzy Hash: 0802ADB0A00208EFDB20DF65DC45AAE7BB5FB84315F10817AF610BA2E1D7799A41CF58
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004041CD, Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 266stringCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 492 4041cd-4041fc 493 40420b-404212 492->493 494 4041fe-404206 call 405282 call 405c3f 492->494 496 404214-40422a GetDlgItem call 40553d 493->496 497 404286-40428d 493->497 494->493 508 40423c-404279 SetWindowTextA call 403d8f * 2 call 403dc4 call 405cff 496->508 509 40422c-404234 call 405564 496->509 500 404362-404369 497->500 501 404293-404299 497->501 506 404378-40438f call 405282 call 4055b1 500->506 507 40436b-404372 500->507 504 4042b3-4042b8 501->504 505 40429b-4042a6 501->505 504->500 512 4042be-404303 call 4059ff SHBrowseForFolderA 504->512 510 4042ac 505->510 511 4044ed-4044ff call 403df6 505->511 530 404391 506->530 531 404398-4043b1 call 4059dd call 405cff 506->531 507->506 507->511 508->511 550 40427f-404284 SHAutoComplete 508->550 509->508 528 404236-404237 call 4054d0 509->528 510->504 524 404305-40431f CoTaskMemFree call 4054d0 512->524 525 40435b 512->525 537 404321-404327 524->537 538 404349-404359 SetDlgItemTextA 524->538 525->500 528->508 530->531 548 4043b3-4043b7 531->548 549 4043e8-4043f7 call 4059dd call 405564 531->549 537->538 541 404329-404340 call 4059ff lstrcmpiA 537->541 538->500 541->538 552 404342-404344 lstrcatA 541->552 553 4043e6 548->553 554 4043b9-4043cb GetDiskFreeSpaceExA 548->554 565 4043f9 549->565 566 4043fc-404415 GetDiskFreeSpaceA 549->566 550->497 552->538 553->549 556 404439-40444f 554->556 557 4043cd-4043cf 554->557 559 404454 556->559 560 4043d1 557->560 561 4043d4-4043e4 call 405517 557->561 563 404459-404463 call 40461d 559->563 560->561 561->553 561->554 572 404470-404479 563->572 573 404465-404467 563->573 565->566 569 404451 566->569 570 404417-404437 MulDiv 566->570 569->559 570->563 574 4044a6-4044b0 572->574 575 40447b-40448b call 404568 572->575 573->572 576 404469 573->576 578 4044b2-4044b9 call 40140b 574->578 579 4044bc-4044c2 574->579 584 404498-4044a1 SetDlgItemTextA 575->584 585 40448d-404491 call 404568 575->585 576->572 578->579 582 4044c4 579->582 583 4044c7-4044d8 call 403db1 579->583 582->583 590 4044e7 583->590 591 4044da-4044e0 583->591 584->574 592 404496 585->592 590->511 591->590 593 4044e2 call 404162 591->593 592->574 593->590
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E004041CD(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				union _ULARGE_INTEGER _v24;
				long _v28;
				union _ULARGE_INTEGER _v32;
				intOrPtr _v36;
				long _v40;
				union _ULARGE_INTEGER _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr _t124;
				signed int* _t145;
				intOrPtr _t147;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc48; // 0x471f24
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E00405282(0x3fb, _t162);
					E00405C3F(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405282(0x3fb, _t162);
							if(E004055B1(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E004059DD(0x41f440, _t162);
							_t145 = 0;
							_t86 = E00405CFF(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E004059DD(0x41f440, _t162);
								_t88 = E00405564(0x41f440);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f440,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f440) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = GetDiskFreeSpaceExA(0x41f440,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E00405517(0x41f440) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f440) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44.LowPart) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E0040461D(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								_t147 =  *0x42365c; // 0x4992b3
								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
									E00404568(0x3ff, 0xfffffffb, _t94); // executed
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f430);
									} else {
										E00404568(_t163, 0xfffffffc, _t153); // executed
									}
								}
								_t95 = _v8;
								 *0x423f24 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403DB1(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x420464 == _t145) {
									E00404162();
								}
								 *0x420464 = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x420478;
							_v56 = E00404502;
							_v52 = _t162;
							_v64 = E004059FF(0x3fb, 0x420478, _t162, 0x41f848, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004054D0(_t162);
								_t124 =  *0x423e90; // 0x471cb8
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Program Files\\Unlocker") {
									E004059FF(0x3fb, 0x420478, _t162, 0, _t125);
									if(lstrcmpiA(0x422e20, 0x420478) != 0) {
										lstrcatA(_t162, 0x422e20);
									}
								}
								 *0x420464 =  &(( *0x420464)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E0040553D(_t162) != 0 && E00405564(_t162) == 0) {
						E004054D0(_t162);
					}
					 *0x423658 = _t159;
					SetWindowTextA(_v12, _t162); // executed
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403D8F(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403D8F(_t159);
					E00403DC4(_v12);
					if(E00405CFF(7) == 0) {
						L53:
						return E00403DF6(_a8, _a12, _a16);
					}
					SHAutoComplete(_v12, 1); // executed
					goto L8;
				}
			}







































                                                                                                                                                                                0x004041d3
                                                                                                                                                                                0x004041da
                                                                                                                                                                                0x004041e6
                                                                                                                                                                                0x004041f4
                                                                                                                                                                                0x004041fc
                                                                                                                                                                                0x00404200
                                                                                                                                                                                0x00404206
                                                                                                                                                                                0x00404206
                                                                                                                                                                                0x00404212
                                                                                                                                                                                0x00404286
                                                                                                                                                                                0x0040428d
                                                                                                                                                                                0x00404362
                                                                                                                                                                                0x00404369
                                                                                                                                                                                0x00404378
                                                                                                                                                                                0x00404378
                                                                                                                                                                                0x0040437c
                                                                                                                                                                                0x00404382
                                                                                                                                                                                0x0040438f
                                                                                                                                                                                0x00404391
                                                                                                                                                                                0x00404391
                                                                                                                                                                                0x0040439f
                                                                                                                                                                                0x004043a4
                                                                                                                                                                                0x004043a7
                                                                                                                                                                                0x004043ae
                                                                                                                                                                                0x004043b1
                                                                                                                                                                                0x004043e8
                                                                                                                                                                                0x004043ea
                                                                                                                                                                                0x004043f0
                                                                                                                                                                                0x004043f7
                                                                                                                                                                                0x004043f9
                                                                                                                                                                                0x004043f9
                                                                                                                                                                                0x00404415
                                                                                                                                                                                0x00404451
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404417
                                                                                                                                                                                0x0040441a
                                                                                                                                                                                0x0040442e
                                                                                                                                                                                0x00404430
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404430
                                                                                                                                                                                0x004043b3
                                                                                                                                                                                0x004043b7
                                                                                                                                                                                0x004043e6
                                                                                                                                                                                0x004043e6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004043b9
                                                                                                                                                                                0x004043b9
                                                                                                                                                                                0x004043c6
                                                                                                                                                                                0x004043cb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004043cf
                                                                                                                                                                                0x004043d1
                                                                                                                                                                                0x004043d1
                                                                                                                                                                                0x004043dc
                                                                                                                                                                                0x004043df
                                                                                                                                                                                0x004043e4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004043e4
                                                                                                                                                                                0x0040443f
                                                                                                                                                                                0x00404446
                                                                                                                                                                                0x0040444d
                                                                                                                                                                                0x00404454
                                                                                                                                                                                0x00404454
                                                                                                                                                                                0x00404459
                                                                                                                                                                                0x0040445b
                                                                                                                                                                                0x00404463
                                                                                                                                                                                0x00404469
                                                                                                                                                                                0x00404469
                                                                                                                                                                                0x00404470
                                                                                                                                                                                0x00404479
                                                                                                                                                                                0x00404483
                                                                                                                                                                                0x0040448b
                                                                                                                                                                                0x004044a1
                                                                                                                                                                                0x0040448d
                                                                                                                                                                                0x00404491
                                                                                                                                                                                0x00404491
                                                                                                                                                                                0x0040448b
                                                                                                                                                                                0x004044a6
                                                                                                                                                                                0x004044ab
                                                                                                                                                                                0x004044b0
                                                                                                                                                                                0x004044b9
                                                                                                                                                                                0x004044b9
                                                                                                                                                                                0x004044c2
                                                                                                                                                                                0x004044c4
                                                                                                                                                                                0x004044c4
                                                                                                                                                                                0x004044d0
                                                                                                                                                                                0x004044d8
                                                                                                                                                                                0x004044e2
                                                                                                                                                                                0x004044e2
                                                                                                                                                                                0x004044e7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004044e7
                                                                                                                                                                                0x004043b1
                                                                                                                                                                                0x0040436b
                                                                                                                                                                                0x00404372
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404372
                                                                                                                                                                                0x00404293
                                                                                                                                                                                0x00404299
                                                                                                                                                                                0x004042b3
                                                                                                                                                                                0x004042b8
                                                                                                                                                                                0x004042c2
                                                                                                                                                                                0x004042c9
                                                                                                                                                                                0x004042d8
                                                                                                                                                                                0x004042db
                                                                                                                                                                                0x004042de
                                                                                                                                                                                0x004042e5
                                                                                                                                                                                0x004042ed
                                                                                                                                                                                0x004042f0
                                                                                                                                                                                0x004042f4
                                                                                                                                                                                0x004042fb
                                                                                                                                                                                0x00404303
                                                                                                                                                                                0x0040435b
                                                                                                                                                                                0x00404305
                                                                                                                                                                                0x00404306
                                                                                                                                                                                0x0040430d
                                                                                                                                                                                0x00404312
                                                                                                                                                                                0x00404317
                                                                                                                                                                                0x0040431f
                                                                                                                                                                                0x0040432c
                                                                                                                                                                                0x00404340
                                                                                                                                                                                0x00404344
                                                                                                                                                                                0x00404344
                                                                                                                                                                                0x00404340
                                                                                                                                                                                0x00404349
                                                                                                                                                                                0x00404354
                                                                                                                                                                                0x00404354
                                                                                                                                                                                0x00404303
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004042b8
                                                                                                                                                                                0x004042a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004042ac
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404214
                                                                                                                                                                                0x00404214
                                                                                                                                                                                0x00404220
                                                                                                                                                                                0x0040422a
                                                                                                                                                                                0x00404237
                                                                                                                                                                                0x00404237
                                                                                                                                                                                0x0040423d
                                                                                                                                                                                0x00404246
                                                                                                                                                                                0x0040424f
                                                                                                                                                                                0x00404252
                                                                                                                                                                                0x00404255
                                                                                                                                                                                0x0040425d
                                                                                                                                                                                0x00404260
                                                                                                                                                                                0x00404263
                                                                                                                                                                                0x0040426b
                                                                                                                                                                                0x00404279
                                                                                                                                                                                0x004044ed
                                                                                                                                                                                0x004044ff
                                                                                                                                                                                0x004044ff
                                                                                                                                                                                0x00404284
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404284

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00404219
                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00404246
                                                                                                                                                                                • SHAutoComplete.SHLWAPI(?,00000001,00000007,?,?,00000014,?,?,00000001,?), ref: 00404284
                                                                                                                                                                                • SHBrowseForFolderA.SHELL32(?,0041F848,?), ref: 004042FB
                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404306
                                                                                                                                                                                • lstrcmpiA.KERNEL32(Remove folder: ,00420478,00000000,?,?), ref: 00404338
                                                                                                                                                                                • lstrcatA.KERNEL32(?,Remove folder: ), ref: 00404344
                                                                                                                                                                                • SetDlgItemTextA.USER32 ref: 00404354
                                                                                                                                                                                  • Part of subcall function 00405282: GetDlgItemTextA.USER32 ref: 00405295
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                                                                                • GetDiskFreeSpaceExA.KERNELBASE(C:\Program Files\,?,?,?,00000000,C:\Program Files\,?,?,000003FB,?), ref: 004043C6
                                                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(C:\Program Files\,?,?,0000040F,?,C:\Program Files\,C:\Program Files\,?,00000000,C:\Program Files\,?,?,000003FB,?), ref: 0040440D
                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404428
                                                                                                                                                                                • SetDlgItemTextA.USER32 ref: 004044A1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpi
                                                                                                                                                                                • String ID: A$C:\Program Files\$C:\Program Files\Unlocker$Remove folder:
                                                                                                                                                                                • API String ID: 936030579-772531688
                                                                                                                                                                                • Opcode ID: f620154ea62ad6bd0c942c410229765c9d88c2cad30687c3b8eb4897cd28c5b9
                                                                                                                                                                                • Instruction ID: b374e158efdd7287bf49babe660ec8015a33fdd664c905072b33ae798ddb7db4
                                                                                                                                                                                • Opcode Fuzzy Hash: f620154ea62ad6bd0c942c410229765c9d88c2cad30687c3b8eb4897cd28c5b9
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C9175B1A00219ABDF11AFA1CC84AAF7AB8EF44354F10407BFA04B62D1D77C9A41DB59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405302, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 662 405302-40531d call 4055b1 665 405336-405340 662->665 666 40531f-405331 DeleteFileA 662->666 668 405342-405344 665->668 669 405354-405362 call 4059dd 665->669 667 4054ca-4054cd 666->667 670 405475-40547b 668->670 671 40534a-40534e 668->671 677 405371-405372 call 405517 669->677 678 405364-40536f lstrcatA 669->678 670->667 673 40547d-405480 670->673 671->669 671->670 675 405482-405488 673->675 676 40548a-405492 call 405cd8 673->676 675->667 676->667 686 405494-4054a9 call 4054d0 call 405695 RemoveDirectoryA 676->686 680 405377-40537a 677->680 678->680 683 405385-40538b lstrcatA 680->683 684 40537c-405383 680->684 685 405390-4053ae lstrlenA FindFirstFileA 683->685 684->683 684->685 687 4053b4-4053cb call 4054fb 685->687 688 40546b-40546f 685->688 701 4054c2-4054c5 call 404d7b 686->701 702 4054ab-4054af 686->702 695 4053d6-4053d9 687->695 696 4053cd-4053d1 687->696 688->670 690 405471 688->690 690->670 699 4053db-4053e0 695->699 700 4053ec-4053fa call 4059dd 695->700 696->695 698 4053d3 696->698 698->695 704 4053e2-4053e4 699->704 705 40544a-40545c FindNextFileA 699->705 713 405411-405420 call 405695 DeleteFileA 700->713 714 4053fc-405404 700->714 701->667 702->675 707 4054b1-4054c0 call 404d7b call 40572b 702->707 704->700 708 4053e6-4053ea 704->708 705->687 710 405462-405465 FindClose 705->710 707->667 708->700 708->705 710->688 722 405442-405445 call 404d7b 713->722 723 405422-405426 713->723 714->705 717 405406-40540f call 405302 714->717 717->705 722->705 724 405428-405438 call 404d7b call 40572b 723->724 725 40543a-405440 723->725 724->705 725->705
                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                			E00405302(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E004055B1(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f08 =  *0x423f08 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E004059DD(0x421480, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405517(_t72);
					} else {
						lstrcatA(0x421480, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
						_t37 = FindFirstFileA(0x421480,  &_v332); // executed
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004054FB( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E004059DD(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405695(_t72);
									_t52 = DeleteFileA(_t72); // executed
									__eflags = _t52;
									if(_t52 != 0) {
										E00404D7B(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f08 =  *0x423f08 + 1;
										} else {
											E00404D7B(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E0040572B();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405302(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421480 - 0x5c;
					if( *0x421480 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405CD8(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004054D0(_t72);
							E00405695(_t72);
							_t37 = RemoveDirectoryA(_t72); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404D7B(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404D7B(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E0040572B();
						}
						L33:
						 *0x423f08 =  *0x423f08 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                                                                                0x0040530d
                                                                                                                                                                                0x00405311
                                                                                                                                                                                0x0040531a
                                                                                                                                                                                0x0040531d
                                                                                                                                                                                0x00405320
                                                                                                                                                                                0x00405328
                                                                                                                                                                                0x0040532a
                                                                                                                                                                                0x0040532b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040532b
                                                                                                                                                                                0x0040533a
                                                                                                                                                                                0x0040533a
                                                                                                                                                                                0x0040533d
                                                                                                                                                                                0x00405340
                                                                                                                                                                                0x00405354
                                                                                                                                                                                0x0040535b
                                                                                                                                                                                0x00405360
                                                                                                                                                                                0x00405362
                                                                                                                                                                                0x00405372
                                                                                                                                                                                0x00405364
                                                                                                                                                                                0x0040536a
                                                                                                                                                                                0x0040536a
                                                                                                                                                                                0x00405377
                                                                                                                                                                                0x0040537a
                                                                                                                                                                                0x00405385
                                                                                                                                                                                0x0040538b
                                                                                                                                                                                0x00405390
                                                                                                                                                                                0x004053a0
                                                                                                                                                                                0x004053a2
                                                                                                                                                                                0x004053a8
                                                                                                                                                                                0x004053ab
                                                                                                                                                                                0x004053ae
                                                                                                                                                                                0x0040546b
                                                                                                                                                                                0x0040546b
                                                                                                                                                                                0x0040546f
                                                                                                                                                                                0x00405471
                                                                                                                                                                                0x00405471
                                                                                                                                                                                0x00405471
                                                                                                                                                                                0x00405471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004053b4
                                                                                                                                                                                0x004053b4
                                                                                                                                                                                0x004053bd
                                                                                                                                                                                0x004053c3
                                                                                                                                                                                0x004053c8
                                                                                                                                                                                0x004053cb
                                                                                                                                                                                0x004053cd
                                                                                                                                                                                0x004053d1
                                                                                                                                                                                0x004053d3
                                                                                                                                                                                0x004053d3
                                                                                                                                                                                0x004053d1
                                                                                                                                                                                0x004053d6
                                                                                                                                                                                0x004053d9
                                                                                                                                                                                0x004053ec
                                                                                                                                                                                0x004053ee
                                                                                                                                                                                0x004053f3
                                                                                                                                                                                0x004053fa
                                                                                                                                                                                0x00405412
                                                                                                                                                                                0x00405418
                                                                                                                                                                                0x0040541e
                                                                                                                                                                                0x00405420
                                                                                                                                                                                0x00405445
                                                                                                                                                                                0x00405422
                                                                                                                                                                                0x00405422
                                                                                                                                                                                0x00405426
                                                                                                                                                                                0x0040543a
                                                                                                                                                                                0x00405428
                                                                                                                                                                                0x0040542b
                                                                                                                                                                                0x00405430
                                                                                                                                                                                0x00405432
                                                                                                                                                                                0x00405433
                                                                                                                                                                                0x00405433
                                                                                                                                                                                0x00405426
                                                                                                                                                                                0x004053fc
                                                                                                                                                                                0x00405402
                                                                                                                                                                                0x00405404
                                                                                                                                                                                0x0040540a
                                                                                                                                                                                0x0040540a
                                                                                                                                                                                0x00405404
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004053fa
                                                                                                                                                                                0x004053db
                                                                                                                                                                                0x004053de
                                                                                                                                                                                0x004053e0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004053e2
                                                                                                                                                                                0x004053e4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004053e6
                                                                                                                                                                                0x004053ea
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040544a
                                                                                                                                                                                0x00405454
                                                                                                                                                                                0x0040545a
                                                                                                                                                                                0x0040545a
                                                                                                                                                                                0x00405465
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405465
                                                                                                                                                                                0x0040537c
                                                                                                                                                                                0x00405383
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405342
                                                                                                                                                                                0x00405342
                                                                                                                                                                                0x00405344
                                                                                                                                                                                0x00405475
                                                                                                                                                                                0x00405478
                                                                                                                                                                                0x0040547b
                                                                                                                                                                                0x004054cd
                                                                                                                                                                                0x004054cd
                                                                                                                                                                                0x004054cd
                                                                                                                                                                                0x0040547d
                                                                                                                                                                                0x00405480
                                                                                                                                                                                0x0040548b
                                                                                                                                                                                0x00405490
                                                                                                                                                                                0x00405492
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405495
                                                                                                                                                                                0x0040549b
                                                                                                                                                                                0x004054a1
                                                                                                                                                                                0x004054a7
                                                                                                                                                                                0x004054a9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004054c5
                                                                                                                                                                                0x004054ab
                                                                                                                                                                                0x004054af
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004054b4
                                                                                                                                                                                0x004054b9
                                                                                                                                                                                0x004054ba
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004054bb
                                                                                                                                                                                0x00405482
                                                                                                                                                                                0x00405482
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405482
                                                                                                                                                                                0x0040534a
                                                                                                                                                                                0x0040534e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040534e

                                                                                                                                                                                APIs
                                                                                                                                                                                • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405320
                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 0040536A
                                                                                                                                                                                • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 0040538B
                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405391
                                                                                                                                                                                • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 004053A2
                                                                                                                                                                                • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405454
                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00405465
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\*.*$\*.*
                                                                                                                                                                                • API String ID: 2035342205-2848937758
                                                                                                                                                                                • Opcode ID: ab34e0f4a398502fe4f841fd0ab2e19b6a8460b2f5b0e4388ce4a397f92dccb8
                                                                                                                                                                                • Instruction ID: 4b200e60d3e8d58e0ab6cbb93b3ca9934a2dcfa31e3b076817fab6d13423d761
                                                                                                                                                                                • Opcode Fuzzy Hash: ab34e0f4a398502fe4f841fd0ab2e19b6a8460b2f5b0e4388ce4a397f92dccb8
                                                                                                                                                                                • Instruction Fuzzy Hash: 45511230844A48B6DB226B228C45BFF3A78DF4275AF14813BF845751D1C77C4981DE6E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004059FF, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 197stringCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 731 4059ff-405a0a 732 405a0c-405a1b 731->732 733 405a1d-405a3a 731->733 732->733 734 405a40-405a47 733->734 735 405c1c-405c20 733->735 734->735 736 405c26-405c30 735->736 737 405a4c-405a56 735->737 739 405c32-405c36 call 4059dd 736->739 740 405c3b-405c3c 736->740 737->736 738 405a5c-405a63 737->738 741 405a69-405a9e 738->741 742 405c0f 738->742 739->740 744 405aa4-405aaf GetVersion 741->744 745 405bb9-405bbc 741->745 746 405c11-405c17 742->746 747 405c19-405c1b 742->747 748 405ab1-405ab5 744->748 749 405ac9 744->749 750 405bec-405bef 745->750 751 405bbe-405bc1 745->751 746->735 747->735 748->749 752 405ab7-405abb 748->752 755 405ad0-405ad7 749->755 756 405bf1-405bf8 call 4059ff 750->756 757 405bfd-405c0d lstrlenA 750->757 753 405bd1-405bdd call 4059dd 751->753 754 405bc3-405bcf call 40593b 751->754 752->749 759 405abd-405ac1 752->759 768 405be2-405be8 753->768 754->768 761 405ad9-405adb 755->761 762 405adc-405ade 755->762 756->757 757->735 759->749 764 405ac3-405ac7 759->764 761->762 766 405ae0-405afb call 4058c4 762->766 767 405b17-405b1a 762->767 764->755 776 405b00-405b03 766->776 769 405b2a-405b2d 767->769 770 405b1c-405b28 GetSystemDirectoryA 767->770 768->757 772 405bea 768->772 774 405b97-405b99 769->774 775 405b2f-405b3d GetWindowsDirectoryA 769->775 773 405b9b-405b9e 770->773 777 405bb1-405bb7 call 405c3f 772->777 773->777 778 405ba0-405ba4 773->778 774->773 780 405b3f-405b49 774->780 775->774 776->778 781 405b09-405b12 call 4059ff 776->781 777->757 778->777 783 405ba6-405bac lstrcatA 778->783 785 405b63-405b79 SHGetSpecialFolderLocation 780->785 786 405b4b-405b4e 780->786 781->773 783->777 789 405b94 785->789 790 405b7b-405b92 SHGetPathFromIDListA CoTaskMemFree 785->790 786->785 788 405b50-405b57 786->788 791 405b5f-405b61 788->791 789->774 790->773 790->789 791->773 791->785
                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                			E004059FF(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42365c; // 0x4992b3
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423eb8; // 0x478bf4
				_t74 = _t73 + _t36;
				_t37 = 0x422e20;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e20;
				if(_a4 - 0x422e20 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E004059FF(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e20;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E004059DD(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E0040593B(_t86,  *0x423e88);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405C3F(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f04;
						if( *0x423f04 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423e84; // 0x73951340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423e88,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423e88,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86); // executed
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423eb8;
							E004058C4(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423eb8, _t86, _t69 & 0x00000040); // executed
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E004059FF(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E004059DD(_a4, _t37);
			}






























                                                                                                                                                                                0x004059ff
                                                                                                                                                                                0x004059ff
                                                                                                                                                                                0x004059ff
                                                                                                                                                                                0x00405a05
                                                                                                                                                                                0x00405a0a
                                                                                                                                                                                0x00405a0c
                                                                                                                                                                                0x00405a1b
                                                                                                                                                                                0x00405a1b
                                                                                                                                                                                0x00405a1d
                                                                                                                                                                                0x00405a26
                                                                                                                                                                                0x00405a28
                                                                                                                                                                                0x00405a2d
                                                                                                                                                                                0x00405a30
                                                                                                                                                                                0x00405a31
                                                                                                                                                                                0x00405a38
                                                                                                                                                                                0x00405a3a
                                                                                                                                                                                0x00405a40
                                                                                                                                                                                0x00405a43
                                                                                                                                                                                0x00405a43
                                                                                                                                                                                0x00405c1c
                                                                                                                                                                                0x00405c1c
                                                                                                                                                                                0x00405c20
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405a50
                                                                                                                                                                                0x00405a56
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405a5c
                                                                                                                                                                                0x00405a5d
                                                                                                                                                                                0x00405a60
                                                                                                                                                                                0x00405a63
                                                                                                                                                                                0x00405c0f
                                                                                                                                                                                0x00405c19
                                                                                                                                                                                0x00405c1b
                                                                                                                                                                                0x00405c1b
                                                                                                                                                                                0x00405c11
                                                                                                                                                                                0x00405c13
                                                                                                                                                                                0x00405c15
                                                                                                                                                                                0x00405c16
                                                                                                                                                                                0x00405c16
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405c0f
                                                                                                                                                                                0x00405a69
                                                                                                                                                                                0x00405a6d
                                                                                                                                                                                0x00405a7d
                                                                                                                                                                                0x00405a81
                                                                                                                                                                                0x00405a88
                                                                                                                                                                                0x00405a8b
                                                                                                                                                                                0x00405a8f
                                                                                                                                                                                0x00405a95
                                                                                                                                                                                0x00405a98
                                                                                                                                                                                0x00405a9b
                                                                                                                                                                                0x00405a9e
                                                                                                                                                                                0x00405bb9
                                                                                                                                                                                0x00405bbc
                                                                                                                                                                                0x00405bec
                                                                                                                                                                                0x00405bef
                                                                                                                                                                                0x00405bf4
                                                                                                                                                                                0x00405bf8
                                                                                                                                                                                0x00405bf8
                                                                                                                                                                                0x00405bfd
                                                                                                                                                                                0x00405bfe
                                                                                                                                                                                0x00405c03
                                                                                                                                                                                0x00405c06
                                                                                                                                                                                0x00405c08
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405c08
                                                                                                                                                                                0x00405bbe
                                                                                                                                                                                0x00405bc1
                                                                                                                                                                                0x00405bd6
                                                                                                                                                                                0x00405bdd
                                                                                                                                                                                0x00405bc3
                                                                                                                                                                                0x00405bca
                                                                                                                                                                                0x00405bca
                                                                                                                                                                                0x00405be5
                                                                                                                                                                                0x00405be8
                                                                                                                                                                                0x00405bb1
                                                                                                                                                                                0x00405bb2
                                                                                                                                                                                0x00405bb2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405be8
                                                                                                                                                                                0x00405aa6
                                                                                                                                                                                0x00405aa7
                                                                                                                                                                                0x00405aad
                                                                                                                                                                                0x00405aaf
                                                                                                                                                                                0x00405ac9
                                                                                                                                                                                0x00405ac9
                                                                                                                                                                                0x00405ad0
                                                                                                                                                                                0x00405ad0
                                                                                                                                                                                0x00405ad7
                                                                                                                                                                                0x00405adb
                                                                                                                                                                                0x00405adb
                                                                                                                                                                                0x00405adc
                                                                                                                                                                                0x00405ade
                                                                                                                                                                                0x00405b17
                                                                                                                                                                                0x00405b1a
                                                                                                                                                                                0x00405b2a
                                                                                                                                                                                0x00405b2d
                                                                                                                                                                                0x00405b35
                                                                                                                                                                                0x00405b3b
                                                                                                                                                                                0x00405b3b
                                                                                                                                                                                0x00405b97
                                                                                                                                                                                0x00405b97
                                                                                                                                                                                0x00405b99
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405b3f
                                                                                                                                                                                0x00405b46
                                                                                                                                                                                0x00405b47
                                                                                                                                                                                0x00405b49
                                                                                                                                                                                0x00405b63
                                                                                                                                                                                0x00405b71
                                                                                                                                                                                0x00405b77
                                                                                                                                                                                0x00405b79
                                                                                                                                                                                0x00405b94
                                                                                                                                                                                0x00405b94
                                                                                                                                                                                0x00405b94
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405b94
                                                                                                                                                                                0x00405b7f
                                                                                                                                                                                0x00405b8a
                                                                                                                                                                                0x00405b90
                                                                                                                                                                                0x00405b92
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405b92
                                                                                                                                                                                0x00405b4b
                                                                                                                                                                                0x00405b4e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405b5d
                                                                                                                                                                                0x00405b5f
                                                                                                                                                                                0x00405b61
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405b61
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405b97
                                                                                                                                                                                0x00405b22
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ae0
                                                                                                                                                                                0x00405ae5
                                                                                                                                                                                0x00405afb
                                                                                                                                                                                0x00405b00
                                                                                                                                                                                0x00405b03
                                                                                                                                                                                0x00405ba0
                                                                                                                                                                                0x00405ba0
                                                                                                                                                                                0x00405ba4
                                                                                                                                                                                0x00405bac
                                                                                                                                                                                0x00405bac
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ba4
                                                                                                                                                                                0x00405b0d
                                                                                                                                                                                0x00405b9b
                                                                                                                                                                                0x00405b9b
                                                                                                                                                                                0x00405b9e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405b9e
                                                                                                                                                                                0x00405ade
                                                                                                                                                                                0x00405ab1
                                                                                                                                                                                0x00405ab5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ab7
                                                                                                                                                                                0x00405abb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405abd
                                                                                                                                                                                0x00405ac1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ac3
                                                                                                                                                                                0x00405ac3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ac3
                                                                                                                                                                                0x00405ac1
                                                                                                                                                                                0x00405c26
                                                                                                                                                                                0x00405c30
                                                                                                                                                                                0x00405c3c
                                                                                                                                                                                0x00405c3c
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersion.KERNEL32(00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,00404DB3,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000), ref: 00405AA7
                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405B22
                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405B35
                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,004ED7FE), ref: 00405B71
                                                                                                                                                                                • SHGetPathFromIDListA.SHELL32(004ED7FE,Remove folder: ), ref: 00405B7F
                                                                                                                                                                                • CoTaskMemFree.OLE32(004ED7FE), ref: 00405B8A
                                                                                                                                                                                • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405BAC
                                                                                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,00404DB3,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000), ref: 00405BFE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                • API String ID: 900638850-2393298741
                                                                                                                                                                                • Opcode ID: 2d5ebac93c140e73d4be386df5cf957c2dfe9d46f2c0b54d72834ecc596bd5b5
                                                                                                                                                                                • Instruction ID: d3edd175ae4d098aa1e1d30cbcff8d3f456ad99068bf2b680a9da6a8a672f2a4
                                                                                                                                                                                • Opcode Fuzzy Hash: 2d5ebac93c140e73d4be386df5cf957c2dfe9d46f2c0b54d72834ecc596bd5b5
                                                                                                                                                                                • Instruction Fuzzy Hash: 30511471A04A04ABEB215F68DC84B7F3BB4EB55324F14423BE911B62D1D27C6981DF4E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402020, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134comCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				short* _t99;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E0040553D(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44); // executed
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Program Files\\Unlocker");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t99 = L"C:\\Users\\jones\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Unlocker\\Uninstall.lnk";
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, _t99, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, _t99, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}






















                                                                                                                                                                                0x00402029
                                                                                                                                                                                0x00402033
                                                                                                                                                                                0x0040203c
                                                                                                                                                                                0x00402046
                                                                                                                                                                                0x0040204f
                                                                                                                                                                                0x00402059
                                                                                                                                                                                0x0040205d
                                                                                                                                                                                0x0040205d
                                                                                                                                                                                0x00402062
                                                                                                                                                                                0x00402073
                                                                                                                                                                                0x0040207b
                                                                                                                                                                                0x0040215b
                                                                                                                                                                                0x0040215b
                                                                                                                                                                                0x00402162
                                                                                                                                                                                0x00402081
                                                                                                                                                                                0x00402081
                                                                                                                                                                                0x00402092
                                                                                                                                                                                0x00402096
                                                                                                                                                                                0x0040209c
                                                                                                                                                                                0x004020a6
                                                                                                                                                                                0x004020a8
                                                                                                                                                                                0x004020b3
                                                                                                                                                                                0x004020b6
                                                                                                                                                                                0x004020c3
                                                                                                                                                                                0x004020c5
                                                                                                                                                                                0x004020c7
                                                                                                                                                                                0x004020ce
                                                                                                                                                                                0x004020d1
                                                                                                                                                                                0x004020d1
                                                                                                                                                                                0x004020d4
                                                                                                                                                                                0x004020de
                                                                                                                                                                                0x004020e6
                                                                                                                                                                                0x004020eb
                                                                                                                                                                                0x004020f7
                                                                                                                                                                                0x004020f7
                                                                                                                                                                                0x004020fa
                                                                                                                                                                                0x00402103
                                                                                                                                                                                0x00402106
                                                                                                                                                                                0x0040210f
                                                                                                                                                                                0x00402114
                                                                                                                                                                                0x00402116
                                                                                                                                                                                0x00402126
                                                                                                                                                                                0x00402135
                                                                                                                                                                                0x00402137
                                                                                                                                                                                0x00402143
                                                                                                                                                                                0x00402143
                                                                                                                                                                                0x00402135
                                                                                                                                                                                0x00402145
                                                                                                                                                                                0x0040214b
                                                                                                                                                                                0x0040214b
                                                                                                                                                                                0x0040214e
                                                                                                                                                                                0x00402154
                                                                                                                                                                                0x00402159
                                                                                                                                                                                0x0040216e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402159
                                                                                                                                                                                0x00402164
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk, xrefs: 00402116, 00402120, 0040213C
                                                                                                                                                                                • C:\Program Files\Unlocker, xrefs: 004020AB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                • String ID: C:\Program Files\Unlocker$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk
                                                                                                                                                                                • API String ID: 123533781-2677551611
                                                                                                                                                                                • Opcode ID: 71453fb45c89770e4f5e9780d50359adef83bdbe6145f3bfd3e7a5e9e412efc0
                                                                                                                                                                                • Instruction ID: ce0b4858a9f81ea3ddc308d80d774a06bef6b406c5dcff46aa6a4b0d76e862c7
                                                                                                                                                                                • Opcode Fuzzy Hash: 71453fb45c89770e4f5e9780d50359adef83bdbe6145f3bfd3e7a5e9e412efc0
                                                                                                                                                                                • Instruction Fuzzy Hash: AE418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405FA8, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E00405FA8() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4)); // executed
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00406846
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406276
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627c
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406282
                                                                                                                                                                                0x00406284
                                                                                                                                                                                0x0040628b
                                                                                                                                                                                0x0040628c
                                                                                                                                                                                0x0040628e
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406294
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406250
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x0040625d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062d8
                                                                                                                                                                                0x004062db
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062ba
                                                                                                                                                                                0x004062bd
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630a
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406373
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063b9
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e0
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e5
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e8
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f2
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f5
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066fc
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406705
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406777
                                                                                                                                                                                0x0040677c
                                                                                                                                                                                0x0040677d
                                                                                                                                                                                0x0040677f
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671c
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406722
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406734
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x00406756
                                                                                                                                                                                0x00406759
                                                                                                                                                                                0x0040675d
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406741
                                                                                                                                                                                0x00406746
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x00406766
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x00406328
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9b666163c1661dbd9b8a2e81cbf380ba9933516b4cb578f4d51b52d9bda143bb
                                                                                                                                                                                • Instruction ID: ffbedf2a53f09e030cb941e21afd419a8c3069ec791793070072d3341ca218b9
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b666163c1661dbd9b8a2e81cbf380ba9933516b4cb578f4d51b52d9bda143bb
                                                                                                                                                                                • Instruction Fuzzy Hash: 17F16571D00229CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A86CF44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405CD8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405CD8(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224c8); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224c8;
			}




                                                                                                                                                                                0x00405ce3
                                                                                                                                                                                0x00405cec
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405cf9
                                                                                                                                                                                0x00405cef
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,004224C8,C:\,004055F4,C:\,C:\,00000000,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405CE3
                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405CEF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                • API String ID: 2295610775-3404278061
                                                                                                                                                                                • Opcode ID: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                                                                                                                • Instruction ID: 9a18407f5d3c0b203e51d924b64f4f6f4a008a27543408caa796c3d3b713bef8
                                                                                                                                                                                • Opcode Fuzzy Hash: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                                                                                                                • Instruction Fuzzy Hash: 91D0C93594D620ABD6012728AD0884B6A589B153317508B32F46AE22E0C7748C529AA9
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405CFF, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405CFF(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409200);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409204));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                                                                                                0x00405d07
                                                                                                                                                                                0x00405d0a
                                                                                                                                                                                0x00405d11
                                                                                                                                                                                0x00405d19
                                                                                                                                                                                0x00405d26
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405d2d
                                                                                                                                                                                0x00405d1c
                                                                                                                                                                                0x00405d24
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405d35

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 310444273-0
                                                                                                                                                                                • Opcode ID: 7acfb344228b968400b962badda7c36266698eee5c55508006b44164a923ef80
                                                                                                                                                                                • Instruction ID: d69b72dbe4010a9b48e4a262f362438d38f190b8a9031efe6831075815a54aa0
                                                                                                                                                                                • Opcode Fuzzy Hash: 7acfb344228b968400b962badda7c36266698eee5c55508006b44164a923ef80
                                                                                                                                                                                • Instruction Fuzzy Hash: 5DE08C32A04610BBD3215B20AE0896B73A8EED9B403004C7EF615F6251D734AC11DBBA
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004038BC, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 278 4038bc-4038ce 279 4038d4-4038da 278->279 280 403a0f-403a1e 278->280 279->280 281 4038e0-4038e9 279->281 282 403a20-403a5b GetDlgItem * 2 call 403d8f KiUserCallbackDispatcher call 40140b 280->282 283 403a6d-403a82 280->283 284 4038eb-4038f8 SetWindowPos 281->284 285 4038fe-403901 281->285 306 403a60-403a68 282->306 287 403ac2-403ac7 call 403ddb 283->287 288 403a84-403a87 283->288 284->285 290 403903-403915 ShowWindow 285->290 291 40391b-403921 285->291 297 403acc-403ae7 287->297 293 403a89-403a94 call 401389 288->293 294 403aba-403abc 288->294 290->291 298 403923-403938 DestroyWindow 291->298 299 40393d-403940 291->299 293->294 309 403a96-403ab5 SendMessageA 293->309 294->287 296 403d5c 294->296 304 403d5e-403d65 296->304 302 403af0-403af6 297->302 303 403ae9-403aeb call 40140b 297->303 305 403d39-403d3f 298->305 307 403942-40394e SetWindowLongA 299->307 308 403953-403959 299->308 312 403d1a-403d33 DestroyWindow KiUserCallbackDispatcher 302->312 313 403afc-403b07 302->313 303->302 305->296 310 403d41-403d47 305->310 306->283 307->304 314 4039fc-403a0a call 403df6 308->314 315 40395f-403970 GetDlgItem 308->315 309->304 310->296 319 403d49-403d52 ShowWindow 310->319 312->305 313->312 320 403b0d-403b5a call 4059ff call 403d8f * 3 GetDlgItem 313->320 314->304 316 403972-403989 SendMessageA IsWindowEnabled 315->316 317 40398f-403992 315->317 316->296 316->317 321 403994-403995 317->321 322 403997-40399a 317->322 319->296 348 403b64-403ba0 ShowWindow KiUserCallbackDispatcher call 403db1 KiUserCallbackDispatcher 320->348 349 403b5c-403b61 320->349 325 4039c5-4039ca call 403d68 321->325 326 4039a8-4039ad 322->326 327 40399c-4039a2 322->327 325->314 329 4039e3-4039f6 SendMessageA 326->329 331 4039af-4039b5 326->331 327->329 330 4039a4-4039a6 327->330 329->314 330->325 334 4039b7-4039bd call 40140b 331->334 335 4039cc-4039d5 call 40140b 331->335 346 4039c3 334->346 335->314 344 4039d7-4039e1 335->344 344->346 346->325 352 403ba2-403ba3 348->352 353 403ba5 348->353 349->348 354 403ba7-403bd5 GetSystemMenu EnableMenuItem SendMessageA 352->354 353->354 355 403bd7-403be8 SendMessageA 354->355 356 403bea 354->356 357 403bf0-403c29 call 403dc4 call 4059dd lstrlenA call 4059ff SetWindowTextA call 401389 355->357 356->357 357->297 366 403c2f-403c31 357->366 366->297 367 403c37-403c3b 366->367 368 403c5a-403c6e KiUserCallbackDispatcher 367->368 369 403c3d-403c43 367->369 368->305 371 403c74-403ca1 CreateDialogParamA 368->371 369->296 370 403c49-403c4f 369->370 370->297 372 403c55 370->372 371->305 373 403ca7-403cfe call 403d8f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 371->373 372->296 373->296 378 403d00-403d13 ShowWindow call 403ddb 373->378 380 403d18 378->380 380->305
                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                			E004038BC(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t141;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42045c = _t35;
					if(_t115 == 0x110) {
						 *0x423e88 = _t125;
						 *0x420470 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f438 = _t91;
						E00403D8F(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423668); // executed
						 *0x42364c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42045c = 1;
					}
					_t122 =  *0x4091a4; // 0x8
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ea0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403DDB(0x40b);
						while(1) {
							_t37 =  *0x42045c;
							 *0x4091a4 =  *0x4091a4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091a4; // 0x8
							__eflags = _t39 -  *0x423ea4; // 0x8
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42364c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423ea4; // 0x8
							__eflags =  *0x4091a4 - _t44; // 0x8
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E004059FF(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403D8F(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403D8F(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403D8F(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f0c - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008); // executed
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
							E00403DB1(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f438, _t117); // executed
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f0c - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420470);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f438);
							}
							E00403DC4();
							E004059DD(0x420478, "Unlocker 1.9.2 Setup");
							E004059FF(0x420478, _t125, _t130,  &(0x420478[lstrlenA(0x420478)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420478); // executed
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423658); // executed
									 *0x41fc48 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423e80,  *_t130 +  *0x423660 & 0x0000ffff, _t125,  *(0x4091a8 +  *(_t130 + 4) * 4), _t130); // executed
									__eflags = _t73 - _t133;
									 *0x423658 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403D8F(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423658, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42364c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423658, 8); // executed
									E00403DDB(0x405);
									goto L58;
								}
								__eflags =  *0x423f0c - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423f00 - _t133; // 0x20
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423658); // executed
						 *0x423e88 = _t133;
						EndDialog(_t125,  *0x41f840);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423658, 0x40f, 0, 1);
						__eflags =  *0x42364c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420450, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420450,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403DF6(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423658, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f0c - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f840 = 1;
											L21:
											_push(0x78);
											L22:
											E00403D68();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f840 = _t127;
										goto L21;
									}
									__eflags =  *0x4091a4 - _t133; // 0x8
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423658); // executed
						 *0x423658 = _a12;
						L58:
						_t141 =  *0x421478 - _t133; // 0x1
						if(_t141 == 0) {
							_t142 =  *0x423658 - _t133; // 0x50400
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa); // executed
								 *0x421478 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}

































                                                                                                                                                                                0x004038c5
                                                                                                                                                                                0x004038ce
                                                                                                                                                                                0x00403a0f
                                                                                                                                                                                0x00403a13
                                                                                                                                                                                0x00403a17
                                                                                                                                                                                0x00403a19
                                                                                                                                                                                0x00403a1e
                                                                                                                                                                                0x00403a29
                                                                                                                                                                                0x00403a34
                                                                                                                                                                                0x00403a39
                                                                                                                                                                                0x00403a3b
                                                                                                                                                                                0x00403a3d
                                                                                                                                                                                0x00403a40
                                                                                                                                                                                0x00403a45
                                                                                                                                                                                0x00403a53
                                                                                                                                                                                0x00403a60
                                                                                                                                                                                0x00403a67
                                                                                                                                                                                0x00403a67
                                                                                                                                                                                0x00403a68
                                                                                                                                                                                0x00403a68
                                                                                                                                                                                0x00403a6d
                                                                                                                                                                                0x00403a73
                                                                                                                                                                                0x00403a7a
                                                                                                                                                                                0x00403a80
                                                                                                                                                                                0x00403a82
                                                                                                                                                                                0x00403ac2
                                                                                                                                                                                0x00403ac7
                                                                                                                                                                                0x00403acc
                                                                                                                                                                                0x00403acc
                                                                                                                                                                                0x00403ad1
                                                                                                                                                                                0x00403ada
                                                                                                                                                                                0x00403adc
                                                                                                                                                                                0x00403ae1
                                                                                                                                                                                0x00403ae7
                                                                                                                                                                                0x00403aeb
                                                                                                                                                                                0x00403aeb
                                                                                                                                                                                0x00403af0
                                                                                                                                                                                0x00403af6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403afc
                                                                                                                                                                                0x00403b01
                                                                                                                                                                                0x00403b07
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403b10
                                                                                                                                                                                0x00403b18
                                                                                                                                                                                0x00403b1d
                                                                                                                                                                                0x00403b20
                                                                                                                                                                                0x00403b26
                                                                                                                                                                                0x00403b2b
                                                                                                                                                                                0x00403b2e
                                                                                                                                                                                0x00403b34
                                                                                                                                                                                0x00403b39
                                                                                                                                                                                0x00403b3c
                                                                                                                                                                                0x00403b42
                                                                                                                                                                                0x00403b4a
                                                                                                                                                                                0x00403b50
                                                                                                                                                                                0x00403b56
                                                                                                                                                                                0x00403b5a
                                                                                                                                                                                0x00403b61
                                                                                                                                                                                0x00403b61
                                                                                                                                                                                0x00403b61
                                                                                                                                                                                0x00403b6b
                                                                                                                                                                                0x00403b7d
                                                                                                                                                                                0x00403b89
                                                                                                                                                                                0x00403b8e
                                                                                                                                                                                0x00403b98
                                                                                                                                                                                0x00403b9e
                                                                                                                                                                                0x00403ba0
                                                                                                                                                                                0x00403ba5
                                                                                                                                                                                0x00403ba2
                                                                                                                                                                                0x00403ba2
                                                                                                                                                                                0x00403ba2
                                                                                                                                                                                0x00403bb5
                                                                                                                                                                                0x00403bcd
                                                                                                                                                                                0x00403bcf
                                                                                                                                                                                0x00403bd5
                                                                                                                                                                                0x00403bea
                                                                                                                                                                                0x00403bd7
                                                                                                                                                                                0x00403be0
                                                                                                                                                                                0x00403be2
                                                                                                                                                                                0x00403be2
                                                                                                                                                                                0x00403bf0
                                                                                                                                                                                0x00403c00
                                                                                                                                                                                0x00403c11
                                                                                                                                                                                0x00403c18
                                                                                                                                                                                0x00403c1e
                                                                                                                                                                                0x00403c22
                                                                                                                                                                                0x00403c27
                                                                                                                                                                                0x00403c29
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403c2f
                                                                                                                                                                                0x00403c2f
                                                                                                                                                                                0x00403c31
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403c37
                                                                                                                                                                                0x00403c3b
                                                                                                                                                                                0x00403c60
                                                                                                                                                                                0x00403c66
                                                                                                                                                                                0x00403c6c
                                                                                                                                                                                0x00403c6e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403c94
                                                                                                                                                                                0x00403c9a
                                                                                                                                                                                0x00403c9c
                                                                                                                                                                                0x00403ca1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403ca7
                                                                                                                                                                                0x00403caa
                                                                                                                                                                                0x00403cad
                                                                                                                                                                                0x00403cc4
                                                                                                                                                                                0x00403cd0
                                                                                                                                                                                0x00403ce9
                                                                                                                                                                                0x00403cef
                                                                                                                                                                                0x00403cf3
                                                                                                                                                                                0x00403cf8
                                                                                                                                                                                0x00403cfe
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403d08
                                                                                                                                                                                0x00403d13
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403d13
                                                                                                                                                                                0x00403c3d
                                                                                                                                                                                0x00403c43
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403c49
                                                                                                                                                                                0x00403c4f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403c55
                                                                                                                                                                                0x00403c29
                                                                                                                                                                                0x00403d20
                                                                                                                                                                                0x00403d2c
                                                                                                                                                                                0x00403d33
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403a84
                                                                                                                                                                                0x00403a84
                                                                                                                                                                                0x00403a87
                                                                                                                                                                                0x00403aba
                                                                                                                                                                                0x00403aba
                                                                                                                                                                                0x00403abc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403abc
                                                                                                                                                                                0x00403a89
                                                                                                                                                                                0x00403a8d
                                                                                                                                                                                0x00403a92
                                                                                                                                                                                0x00403a94
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403aa4
                                                                                                                                                                                0x00403aac
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403ab2
                                                                                                                                                                                0x004038e0
                                                                                                                                                                                0x004038e0
                                                                                                                                                                                0x004038e4
                                                                                                                                                                                0x004038e9
                                                                                                                                                                                0x004038f8
                                                                                                                                                                                0x004038f8
                                                                                                                                                                                0x00403901
                                                                                                                                                                                0x0040390a
                                                                                                                                                                                0x00403915
                                                                                                                                                                                0x00403915
                                                                                                                                                                                0x00403921
                                                                                                                                                                                0x0040393d
                                                                                                                                                                                0x00403940
                                                                                                                                                                                0x00403953
                                                                                                                                                                                0x00403959
                                                                                                                                                                                0x004039fc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403a05
                                                                                                                                                                                0x0040395f
                                                                                                                                                                                0x0040396c
                                                                                                                                                                                0x0040396e
                                                                                                                                                                                0x00403970
                                                                                                                                                                                0x0040398f
                                                                                                                                                                                0x0040398f
                                                                                                                                                                                0x00403992
                                                                                                                                                                                0x00403997
                                                                                                                                                                                0x0040399a
                                                                                                                                                                                0x004039aa
                                                                                                                                                                                0x004039ab
                                                                                                                                                                                0x004039ad
                                                                                                                                                                                0x004039e3
                                                                                                                                                                                0x004039f6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004039f6
                                                                                                                                                                                0x004039af
                                                                                                                                                                                0x004039b5
                                                                                                                                                                                0x004039ce
                                                                                                                                                                                0x004039d3
                                                                                                                                                                                0x004039d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004039d7
                                                                                                                                                                                0x004039c3
                                                                                                                                                                                0x004039c3
                                                                                                                                                                                0x004039c5
                                                                                                                                                                                0x004039c5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004039c5
                                                                                                                                                                                0x004039b8
                                                                                                                                                                                0x004039bd
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004039bd
                                                                                                                                                                                0x0040399c
                                                                                                                                                                                0x004039a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004039a4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004039a4
                                                                                                                                                                                0x00403994
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403994
                                                                                                                                                                                0x0040397a
                                                                                                                                                                                0x00403981
                                                                                                                                                                                0x00403987
                                                                                                                                                                                0x00403989
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403989
                                                                                                                                                                                0x00403945
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403923
                                                                                                                                                                                0x00403929
                                                                                                                                                                                0x00403933
                                                                                                                                                                                0x00403d39
                                                                                                                                                                                0x00403d39
                                                                                                                                                                                0x00403d3f
                                                                                                                                                                                0x00403d41
                                                                                                                                                                                0x00403d47
                                                                                                                                                                                0x00403d4c
                                                                                                                                                                                0x00403d52
                                                                                                                                                                                0x00403d52
                                                                                                                                                                                0x00403d47
                                                                                                                                                                                0x00403d5c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403d5c
                                                                                                                                                                                0x00403921

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004038F8
                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403915
                                                                                                                                                                                • DestroyWindow.USER32 ref: 00403929
                                                                                                                                                                                • SetWindowLongA.USER32 ref: 00403945
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403966
                                                                                                                                                                                • SendMessageA.USER32 ref: 0040397A
                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403981
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403A2F
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403A39
                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403A53
                                                                                                                                                                                • SendMessageA.USER32 ref: 00403AA4
                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403B4A
                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403B6B
                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403B7D
                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403B98
                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403BAE
                                                                                                                                                                                • EnableMenuItem.USER32 ref: 00403BB5
                                                                                                                                                                                • SendMessageA.USER32 ref: 00403BCD
                                                                                                                                                                                • SendMessageA.USER32 ref: 00403BE0
                                                                                                                                                                                • lstrlenA.KERNEL32(00420478,?,00420478,Unlocker 1.9.2 Setup), ref: 00403C09
                                                                                                                                                                                • SetWindowTextA.USER32(?,00420478), ref: 00403C18
                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403D4C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Item$MessageSend$CallbackDispatcherShowUser$Menu$DestroyEnableEnabledLongSystemTextlstrlen
                                                                                                                                                                                • String ID: Unlocker 1.9.2 Setup
                                                                                                                                                                                • API String ID: 2523155381-3402739367
                                                                                                                                                                                • Opcode ID: 17db576ff1e04bb401156bec3937a30c5754e03700d25ec8c7f88e75de32935b
                                                                                                                                                                                • Instruction ID: 874aaf0cc80a4ada72e8b6aceb9d73cb056a569e4b675a7f159d56e4bf17f1bf
                                                                                                                                                                                • Opcode Fuzzy Hash: 17db576ff1e04bb401156bec3937a30c5754e03700d25ec8c7f88e75de32935b
                                                                                                                                                                                • Instruction Fuzzy Hash: F9C18E71A04204BBDB206F21ED85E2B3E7CEB05746F40453EF641B52F1C779AA429B2E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403526, Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 381 403526-40353e call 405cff 384 403540-403550 call 40593b 381->384 385 403552-403579 call 4058c4 381->385 393 40359c-4035c5 call 4037ef call 4055b1 384->393 390 403591-403597 lstrcatA 385->390 391 40357b-40358c call 4058c4 385->391 390->393 391->390 399 4035cb-4035d0 393->399 400 40364c-403654 call 4055b1 393->400 399->400 401 4035d2-4035ea call 4058c4 399->401 406 403662-403687 LoadImageA 400->406 407 403656-40365d call 4059ff 400->407 405 4035ef-4035f6 401->405 405->400 408 4035f8-4035fa 405->408 410 403716-40371e call 40140b 406->410 411 40368d-4036c3 RegisterClassA 406->411 407->406 415 40360b-403617 lstrlenA 408->415 416 4035fc-403609 call 4054fb 408->416 423 403720-403723 410->423 424 403728-403733 call 4037ef 410->424 412 4037e5 411->412 413 4036c9-403711 SystemParametersInfoA CreateWindowExA 411->413 420 4037e7-4037ee 412->420 413->410 417 403619-403627 lstrcmpiA 415->417 418 40363f-403647 call 4054d0 call 4059dd 415->418 416->415 417->418 422 403629-403633 GetFileAttributesA 417->422 418->400 427 403635-403637 422->427 428 403639-40363a call 405517 422->428 423->420 434 403739-403756 ShowWindow LoadLibraryA 424->434 435 4037bc-4037bd call 404e4d 424->435 427->418 427->428 428->418 437 403758-40375d LoadLibraryA 434->437 438 40375f-403771 GetClassInfoA 434->438 439 4037c2-4037c4 435->439 437->438 440 403773-403783 GetClassInfoA RegisterClassA 438->440 441 403789-4037ac DialogBoxParamA call 40140b 438->441 442 4037c6-4037cc 439->442 443 4037de-4037e0 call 40140b 439->443 440->441 447 4037b1-4037ba call 403476 441->447 442->423 445 4037d2-4037d9 call 40140b 442->445 443->412 445->423 447->420
                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                			E00403526() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423e90; // 0x471cb8
				_t20 = E00405CFF(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420478;
					"1033" = 0x7830;
					E004058C4(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420478, 0);
					__eflags =  *0x420478;
					if(__eflags == 0) {
						E004058C4(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x420478, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E0040593B("1033",  *_t20() & 0x0000ffff);
				}
				E004037EF(_t76, _t88);
				_t24 =  *0x423e98; // 0xa1
				_t85 = "C:\\Program Files\\Unlocker";
				 *0x423f00 = _t24 & 0x00000020;
				 *0x423f1c = 0x10000;
				if(E004055B1(_t88, "C:\\Program Files\\Unlocker") != 0) {
					L16:
					if(E004055B1(_t96, _t85) == 0) {
						E004059FF(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118))); // executed
					}
					_t28 = LoadImageA( *0x423e80, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423668 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004037EF(_t76, __eflags);
							__eflags =  *0x423f20; // 0x0
							if(__eflags != 0) {
								_t31 = E00404E4D(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42364c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420450, 5); // executed
							_t37 = LoadLibraryA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423620);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423620);
								 *0x423644 = _t86;
								RegisterClassA(0x423620);
							}
							_t39 =  *0x423660; // 0x0
							_t42 = DialogBoxParamA( *0x423e80, _t39 + 0x00000069 & 0x0000ffff, 0, E004038BC, 0); // executed
							E00403476(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423e80; // 0x400000
						 *0x423634 = _t28;
						_v20 = 0x624e5f;
						 *0x423624 = E00401000;
						 *0x423630 = _t76;
						 *0x423644 =  &_v20;
						if(RegisterClassA(0x423620) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420450 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423e80, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423eb8; // 0x478bf4
					_t79 = 0x422e20;
					E004058C4( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e20, 0);
					_t62 =  *0x422e20; // 0x52
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e21;
						 *((char*)(E004054FB(0x422e21, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E004059DD(_t85, E004054D0(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405517(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                                                                                                                                                0x0040352c
                                                                                                                                                                                0x00403535
                                                                                                                                                                                0x0040353c
                                                                                                                                                                                0x0040353e
                                                                                                                                                                                0x00403552
                                                                                                                                                                                0x00403564
                                                                                                                                                                                0x0040356e
                                                                                                                                                                                0x00403573
                                                                                                                                                                                0x00403579
                                                                                                                                                                                0x0040358c
                                                                                                                                                                                0x0040358c
                                                                                                                                                                                0x00403597
                                                                                                                                                                                0x00403540
                                                                                                                                                                                0x0040354b
                                                                                                                                                                                0x0040354b
                                                                                                                                                                                0x0040359c
                                                                                                                                                                                0x004035a1
                                                                                                                                                                                0x004035a6
                                                                                                                                                                                0x004035af
                                                                                                                                                                                0x004035b4
                                                                                                                                                                                0x004035c5
                                                                                                                                                                                0x0040364c
                                                                                                                                                                                0x00403654
                                                                                                                                                                                0x0040365d
                                                                                                                                                                                0x0040365d
                                                                                                                                                                                0x00403673
                                                                                                                                                                                0x00403679
                                                                                                                                                                                0x00403687
                                                                                                                                                                                0x00403716
                                                                                                                                                                                0x0040371e
                                                                                                                                                                                0x00403728
                                                                                                                                                                                0x0040372d
                                                                                                                                                                                0x00403733
                                                                                                                                                                                0x004037bd
                                                                                                                                                                                0x004037c2
                                                                                                                                                                                0x004037c4
                                                                                                                                                                                0x004037e0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004037e0
                                                                                                                                                                                0x004037c6
                                                                                                                                                                                0x004037cc
                                                                                                                                                                                0x004037d4
                                                                                                                                                                                0x004037d4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004037cc
                                                                                                                                                                                0x00403741
                                                                                                                                                                                0x00403752
                                                                                                                                                                                0x00403754
                                                                                                                                                                                0x00403756
                                                                                                                                                                                0x0040375d
                                                                                                                                                                                0x0040375d
                                                                                                                                                                                0x00403765
                                                                                                                                                                                0x0040376d
                                                                                                                                                                                0x0040376f
                                                                                                                                                                                0x00403771
                                                                                                                                                                                0x0040377a
                                                                                                                                                                                0x0040377d
                                                                                                                                                                                0x00403783
                                                                                                                                                                                0x00403783
                                                                                                                                                                                0x00403789
                                                                                                                                                                                0x004037a2
                                                                                                                                                                                0x004037b3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004037b8
                                                                                                                                                                                0x00403720
                                                                                                                                                                                0x00403722
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040368d
                                                                                                                                                                                0x0040368d
                                                                                                                                                                                0x00403693
                                                                                                                                                                                0x0040369d
                                                                                                                                                                                0x004036a5
                                                                                                                                                                                0x004036af
                                                                                                                                                                                0x004036b5
                                                                                                                                                                                0x004036c3
                                                                                                                                                                                0x004037e5
                                                                                                                                                                                0x004037e5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004037e5
                                                                                                                                                                                0x004036c9
                                                                                                                                                                                0x004036d2
                                                                                                                                                                                0x00403711
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403711
                                                                                                                                                                                0x004035cb
                                                                                                                                                                                0x004035cb
                                                                                                                                                                                0x004035d0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004035d5
                                                                                                                                                                                0x004035da
                                                                                                                                                                                0x004035ea
                                                                                                                                                                                0x004035ef
                                                                                                                                                                                0x004035f6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004035fa
                                                                                                                                                                                0x004035fc
                                                                                                                                                                                0x00403609
                                                                                                                                                                                0x00403609
                                                                                                                                                                                0x00403611
                                                                                                                                                                                0x00403617
                                                                                                                                                                                0x0040363f
                                                                                                                                                                                0x00403647
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403629
                                                                                                                                                                                0x0040362a
                                                                                                                                                                                0x00403633
                                                                                                                                                                                0x00403639
                                                                                                                                                                                0x0040363a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040363a
                                                                                                                                                                                0x00403635
                                                                                                                                                                                0x00403637
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403637
                                                                                                                                                                                0x00403617

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                                                  • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                                                  • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                                                • lstrcatA.KERNEL32(1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403597
                                                                                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Unlocker,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ), ref: 0040360C
                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Unlocker,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000), ref: 0040361F
                                                                                                                                                                                • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040362A
                                                                                                                                                                                • LoadImageA.USER32 ref: 00403673
                                                                                                                                                                                  • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                                                                                                                • RegisterClassA.USER32 ref: 004036BA
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004036D2
                                                                                                                                                                                • CreateWindowExA.USER32 ref: 0040370B
                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403741
                                                                                                                                                                                • LoadLibraryA.KERNELBASE(RichEd20), ref: 00403752
                                                                                                                                                                                • LoadLibraryA.KERNEL32(RichEd32), ref: 0040375D
                                                                                                                                                                                • GetClassInfoA.USER32 ref: 0040376D
                                                                                                                                                                                • GetClassInfoA.USER32 ref: 0040377A
                                                                                                                                                                                • RegisterClassA.USER32 ref: 00403783
                                                                                                                                                                                • DialogBoxParamA.USER32 ref: 004037A2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Unlocker$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                • API String ID: 914957316-2270511018
                                                                                                                                                                                • Opcode ID: f93f1545b230c8163d09655257c65a13db3ac628cd3f161671649cd9b752f71f
                                                                                                                                                                                • Instruction ID: 0f3f48bff709b167bb3a38cee6451da723a784a17f6d38f49bc0c0f1e25ee8dd
                                                                                                                                                                                • Opcode Fuzzy Hash: f93f1545b230c8163d09655257c65a13db3ac628cd3f161671649cd9b752f71f
                                                                                                                                                                                • Instruction Fuzzy Hash: 9261C5B1A04200BAD6206F659C45E3B3A6DE74474AF40453FF941B62E1D67D9E028B3E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403ED7, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 204windowstringCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 452 403ed7-403ee7 453 403ffa-40400d 452->453 454 403eed-403ef5 452->454 457 404069-40406d 453->457 458 40400f-404018 453->458 455 403ef7-403f06 454->455 456 403f08-403fa0 call 403d8f * 2 CheckDlgButton call 403db1 GetDlgItem call 403dc4 SendMessageA 454->456 455->456 490 403fa2-403fa5 GetSysColor 456->490 491 403fab-403ff5 SendMessageA * 2 lstrlenA SendMessageA * 2 456->491 462 404073-404087 GetDlgItem 457->462 463 40413d-404144 457->463 459 40414c 458->459 460 40401e-404026 458->460 466 40414f-404156 call 403df6 459->466 460->459 464 40402c-404038 460->464 468 404089-404090 462->468 469 4040fb-404102 462->469 463->459 465 404146 463->465 464->459 470 40403e-404064 GetDlgItem SendMessageA call 403db1 call 404162 464->470 465->459 476 40415b-40415f 466->476 468->469 473 404092-4040ad 468->473 469->466 474 404104-40410b 469->474 470->457 473->469 478 4040af-4040f8 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 473->478 474->466 479 40410d-404111 474->479 478->469 482 404113-404122 SendMessageA 479->482 483 404124-404128 479->483 482->483 484 404138-40413b 483->484 485 40412a-404136 SendMessageA 483->485 484->476 485->484 490->491 491->476
                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                			E00403ED7(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char* _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420458 =  *0x420458 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403DF6(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e20;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423e88, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423e88, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420458 != 0) {
						goto L25;
					} else {
						_t103 =  *0x41fc48; // 0x471f24
						_t25 = _t103 + 0x14; // 0x471f38
						_t112 = _t25;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403DB1(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404162();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42365c; // 0x4992b3
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423eb8; // 0x478bf4
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403EA3;
				E00403D8F(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403D8F(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403DB1( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403DC4(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423e90; // 0x471cb8
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f43c =  *0x41f43c & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16); // executed
				 *0x420458 =  *0x420458 & 0x00000000;
				return 0;
			}





















                                                                                                                                                                                0x00403ee7
                                                                                                                                                                                0x0040400d
                                                                                                                                                                                0x00404069
                                                                                                                                                                                0x0040406d
                                                                                                                                                                                0x00404144
                                                                                                                                                                                0x00404146
                                                                                                                                                                                0x00404146
                                                                                                                                                                                0x0040414c
                                                                                                                                                                                0x0040414c
                                                                                                                                                                                0x0040414f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404156
                                                                                                                                                                                0x0040407b
                                                                                                                                                                                0x0040407d
                                                                                                                                                                                0x00404087
                                                                                                                                                                                0x00404092
                                                                                                                                                                                0x00404095
                                                                                                                                                                                0x00404098
                                                                                                                                                                                0x004040a3
                                                                                                                                                                                0x004040a6
                                                                                                                                                                                0x004040ad
                                                                                                                                                                                0x004040bb
                                                                                                                                                                                0x004040d3
                                                                                                                                                                                0x004040e6
                                                                                                                                                                                0x004040f6
                                                                                                                                                                                0x004040f8
                                                                                                                                                                                0x004040f8
                                                                                                                                                                                0x004040ad
                                                                                                                                                                                0x00404102
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040410d
                                                                                                                                                                                0x00404111
                                                                                                                                                                                0x00404122
                                                                                                                                                                                0x00404122
                                                                                                                                                                                0x00404128
                                                                                                                                                                                0x00404136
                                                                                                                                                                                0x00404136
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040413a
                                                                                                                                                                                0x00404102
                                                                                                                                                                                0x00404018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040402c
                                                                                                                                                                                0x0040402c
                                                                                                                                                                                0x00404032
                                                                                                                                                                                0x00404032
                                                                                                                                                                                0x00404038
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040405d
                                                                                                                                                                                0x0040405f
                                                                                                                                                                                0x00404064
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404064
                                                                                                                                                                                0x00404018
                                                                                                                                                                                0x00403eed
                                                                                                                                                                                0x00403ef0
                                                                                                                                                                                0x00403ef5
                                                                                                                                                                                0x00403ef7
                                                                                                                                                                                0x00403f06
                                                                                                                                                                                0x00403f06
                                                                                                                                                                                0x00403f08
                                                                                                                                                                                0x00403f0d
                                                                                                                                                                                0x00403f10
                                                                                                                                                                                0x00403f12
                                                                                                                                                                                0x00403f17
                                                                                                                                                                                0x00403f20
                                                                                                                                                                                0x00403f26
                                                                                                                                                                                0x00403f32
                                                                                                                                                                                0x00403f35
                                                                                                                                                                                0x00403f3e
                                                                                                                                                                                0x00403f43
                                                                                                                                                                                0x00403f46
                                                                                                                                                                                0x00403f4b
                                                                                                                                                                                0x00403f62
                                                                                                                                                                                0x00403f69
                                                                                                                                                                                0x00403f7c
                                                                                                                                                                                0x00403f7f
                                                                                                                                                                                0x00403f94
                                                                                                                                                                                0x00403f96
                                                                                                                                                                                0x00403f9b
                                                                                                                                                                                0x00403fa0
                                                                                                                                                                                0x00403fa5
                                                                                                                                                                                0x00403fa5
                                                                                                                                                                                0x00403fb4
                                                                                                                                                                                0x00403fc3
                                                                                                                                                                                0x00403fc5
                                                                                                                                                                                0x00403fdb
                                                                                                                                                                                0x00403fea
                                                                                                                                                                                0x00403fec
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                • String ID: .B$N$Remove folder: $open
                                                                                                                                                                                • API String ID: 3615053054-1104553104
                                                                                                                                                                                • Opcode ID: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                                                                                                                • Instruction ID: 4310844e4bc5412d85e0e67e924f78a0a7df87fdbfd2fc52009ff806257c2229
                                                                                                                                                                                • Opcode Fuzzy Hash: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                                                                                                                • Instruction Fuzzy Hash: 3161A1B1A40209BFEB109F60DC45F6A7B69EB54715F108036FB05BA2D1C7B8E951CF98
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402C22, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 595 402c22-402c70 GetTickCount GetModuleFileNameA call 4056b4 598 402c72-402c77 595->598 599 402c7c-402caa call 4059dd call 405517 call 4059dd GetFileSize 595->599 600 402e54-402e58 598->600 607 402cb0 599->607 608 402d97-402da5 call 402bbe 599->608 610 402cb5-402ccc 607->610 614 402da7-402daa 608->614 615 402dfa-402dff 608->615 612 402cd0-402cd2 call 40304e 610->612 613 402cce 610->613 619 402cd7-402cd9 612->619 613->612 617 402dac-402dbd call 403080 call 40304e 614->617 618 402dce-402df8 GlobalAlloc call 403080 call 402e5b 614->618 615->600 635 402dc2-402dc4 617->635 618->615 642 402e0b-402e1c 618->642 621 402e01-402e09 call 402bbe 619->621 622 402cdf-402ce6 619->622 621->615 626 402d62-402d66 622->626 627 402ce8-402cfc call 405675 622->627 631 402d70-402d76 626->631 632 402d68-402d6f call 402bbe 626->632 627->631 646 402cfe-402d05 627->646 637 402d85-402d8f 631->637 638 402d78-402d82 call 405d6b 631->638 632->631 635->615 643 402dc6-402dcc 635->643 637->610 641 402d95 637->641 638->637 641->608 647 402e24-402e29 642->647 648 402e1e 642->648 643->615 643->618 646->631 650 402d07-402d0e 646->650 652 402e2a-402e30 647->652 648->647 650->631 651 402d10-402d17 650->651 651->631 653 402d19-402d20 651->653 652->652 654 402e32-402e4d SetFilePointer call 405675 652->654 653->631 655 402d22-402d42 653->655 658 402e52 654->658 655->615 657 402d48-402d4c 655->657 659 402d54-402d5c 657->659 660 402d4e-402d52 657->660 658->600 659->631 661 402d5e-402d60 659->661 660->641 660->659 661->631
                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                			E00402C22(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe";
				 *0x423e8c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\Unlocker1.9.2.exe", 0x400);
				_t89 = E004056B4(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\jones\\Desktop";
				E004059DD("C:\\Users\\jones\\Desktop", _t91);
				E004059DD(0x42b000, E00405517(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x41f028 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BBE(1);
					__eflags =  *0x423e94 - _t82; // 0xce00
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x423e94; // 0xce00
						E00403080(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E5B(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x423e90 = _t94;
							 *0x423e98 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423e9c =  *0x423e9c + 1;
								__eflags =  *0x423e9c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405675(0x423ea0, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E00403080( *0x40b018);
					_t65 = E0040304E( &_a4, 4); // executed
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x423e94; // 0xce00
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E0040304E(0x417028, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BBE(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423e94;
						if( *0x423e94 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BBE(0);
							}
							goto L20;
						}
						E00405675( &_v44, 0x417028, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40b018; // 0x10753b
						 *0x423f20 =  *0x423f20 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x423e94 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x40915c
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x41f028; // 0x10753f
						if(__eflags < 0) {
							_v12 = E00405D6B(_v12, 0x417028, _t90);
						}
						 *0x40b018 =  *0x40b018 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

































                                                                                                                                                                                0x00402c2a
                                                                                                                                                                                0x00402c2d
                                                                                                                                                                                0x00402c30
                                                                                                                                                                                0x00402c33
                                                                                                                                                                                0x00402c39
                                                                                                                                                                                0x00402c4a
                                                                                                                                                                                0x00402c4f
                                                                                                                                                                                0x00402c62
                                                                                                                                                                                0x00402c67
                                                                                                                                                                                0x00402c6a
                                                                                                                                                                                0x00402c70
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402c72
                                                                                                                                                                                0x00402c7d
                                                                                                                                                                                0x00402c83
                                                                                                                                                                                0x00402c94
                                                                                                                                                                                0x00402c9b
                                                                                                                                                                                0x00402ca1
                                                                                                                                                                                0x00402ca3
                                                                                                                                                                                0x00402ca8
                                                                                                                                                                                0x00402caa
                                                                                                                                                                                0x00402d97
                                                                                                                                                                                0x00402d99
                                                                                                                                                                                0x00402d9e
                                                                                                                                                                                0x00402da5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402da7
                                                                                                                                                                                0x00402daa
                                                                                                                                                                                0x00402dce
                                                                                                                                                                                0x00402dd3
                                                                                                                                                                                0x00402dd9
                                                                                                                                                                                0x00402ddb
                                                                                                                                                                                0x00402de4
                                                                                                                                                                                0x00402de9
                                                                                                                                                                                0x00402dec
                                                                                                                                                                                0x00402ded
                                                                                                                                                                                0x00402dee
                                                                                                                                                                                0x00402df0
                                                                                                                                                                                0x00402df5
                                                                                                                                                                                0x00402df8
                                                                                                                                                                                0x00402e0b
                                                                                                                                                                                0x00402e0f
                                                                                                                                                                                0x00402e17
                                                                                                                                                                                0x00402e1c
                                                                                                                                                                                0x00402e1e
                                                                                                                                                                                0x00402e1e
                                                                                                                                                                                0x00402e1e
                                                                                                                                                                                0x00402e26
                                                                                                                                                                                0x00402e26
                                                                                                                                                                                0x00402e29
                                                                                                                                                                                0x00402e2a
                                                                                                                                                                                0x00402e2a
                                                                                                                                                                                0x00402e2d
                                                                                                                                                                                0x00402e2f
                                                                                                                                                                                0x00402e2f
                                                                                                                                                                                0x00402e2f
                                                                                                                                                                                0x00402e39
                                                                                                                                                                                0x00402e3f
                                                                                                                                                                                0x00402e4d
                                                                                                                                                                                0x00402e52
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402e52
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402df8
                                                                                                                                                                                0x00402db2
                                                                                                                                                                                0x00402dbd
                                                                                                                                                                                0x00402dc2
                                                                                                                                                                                0x00402dc4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402dc9
                                                                                                                                                                                0x00402dcc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402cb0
                                                                                                                                                                                0x00402cb5
                                                                                                                                                                                0x00402cb5
                                                                                                                                                                                0x00402cba
                                                                                                                                                                                0x00402cbe
                                                                                                                                                                                0x00402cc5
                                                                                                                                                                                0x00402cca
                                                                                                                                                                                0x00402ccc
                                                                                                                                                                                0x00402cce
                                                                                                                                                                                0x00402cce
                                                                                                                                                                                0x00402cd2
                                                                                                                                                                                0x00402cd7
                                                                                                                                                                                0x00402cd9
                                                                                                                                                                                0x00402e03
                                                                                                                                                                                0x00402dfa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402dfa
                                                                                                                                                                                0x00402cdf
                                                                                                                                                                                0x00402ce6
                                                                                                                                                                                0x00402d62
                                                                                                                                                                                0x00402d66
                                                                                                                                                                                0x00402d6a
                                                                                                                                                                                0x00402d6f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d66
                                                                                                                                                                                0x00402cef
                                                                                                                                                                                0x00402cf4
                                                                                                                                                                                0x00402cf7
                                                                                                                                                                                0x00402cfc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402cfe
                                                                                                                                                                                0x00402d05
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d07
                                                                                                                                                                                0x00402d0e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d10
                                                                                                                                                                                0x00402d17
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d19
                                                                                                                                                                                0x00402d20
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d22
                                                                                                                                                                                0x00402d28
                                                                                                                                                                                0x00402d31
                                                                                                                                                                                0x00402d37
                                                                                                                                                                                0x00402d3a
                                                                                                                                                                                0x00402d3c
                                                                                                                                                                                0x00402d42
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d48
                                                                                                                                                                                0x00402d4c
                                                                                                                                                                                0x00402d54
                                                                                                                                                                                0x00402d54
                                                                                                                                                                                0x00402d57
                                                                                                                                                                                0x00402d57
                                                                                                                                                                                0x00402d5a
                                                                                                                                                                                0x00402d5c
                                                                                                                                                                                0x00402d5e
                                                                                                                                                                                0x00402d5e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d5c
                                                                                                                                                                                0x00402d4e
                                                                                                                                                                                0x00402d52
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d70
                                                                                                                                                                                0x00402d70
                                                                                                                                                                                0x00402d76
                                                                                                                                                                                0x00402d82
                                                                                                                                                                                0x00402d82
                                                                                                                                                                                0x00402d85
                                                                                                                                                                                0x00402d8b
                                                                                                                                                                                0x00402d8d
                                                                                                                                                                                0x00402d8d
                                                                                                                                                                                0x00402d95
                                                                                                                                                                                0x00402d95
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402d95

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Unlocker1.9.2.exe,00000400), ref: 00402C4F
                                                                                                                                                                                  • Part of subcall function 004056B4: GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 004056B8
                                                                                                                                                                                  • Part of subcall function 004056B4: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Unlocker1.9.2.exe,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 00402C9B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe" $(pA$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Unlocker1.9.2.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                • API String ID: 4283519449-513961221
                                                                                                                                                                                • Opcode ID: 8dd25270827e0f4bb7ccacab167cf8c400ed2e02d2919ad4f76227d9ce4bc1d1
                                                                                                                                                                                • Instruction ID: bb8333a86194dcf573844375b596ab0c7c07cd824b72df89bd2f0bbec4532e5a
                                                                                                                                                                                • Opcode Fuzzy Hash: 8dd25270827e0f4bb7ccacab167cf8c400ed2e02d2919ad4f76227d9ce4bc1d1
                                                                                                                                                                                • Instruction Fuzzy Hash: 21511971A00214ABDB209F65DE89B9E7BB4EF04319F10403BF904B62D1D7BC9E458BAD
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 792 401734-401757 call 4029f6 call 40553d 797 401761-401773 call 4059dd call 4054d0 lstrcatA 792->797 798 401759-40175f call 4059dd 792->798 803 401778-40177e call 405c3f 797->803 798->803 808 401783-401787 803->808 809 401789-401793 call 405cd8 808->809 810 4017ba-4017bd 808->810 817 4017a5-4017b7 809->817 818 401795-4017a3 CompareFileTime 809->818 812 4017c5-4017e1 call 4056b4 810->812 813 4017bf-4017c0 call 405695 810->813 820 4017e3-4017e6 812->820 821 401859-401882 call 404d7b call 402e5b 812->821 813->812 817->810 818->817 822 4017e8-40182a call 4059dd * 2 call 4059ff call 4059dd call 40529e 820->822 823 40183b-401845 call 404d7b 820->823 835 401884-401888 821->835 836 40188a-401896 SetFileTime 821->836 822->808 856 401830-401831 822->856 833 40184e-401854 823->833 837 402894 833->837 835->836 839 40189c-4018a7 FindCloseChangeNotification 835->839 836->839 840 402896-40289a 837->840 842 40288b-40288e 839->842 843 4018ad-4018b0 839->843 842->837 845 4018b2-4018c3 call 4059ff lstrcatA 843->845 846 4018c5-4018c8 call 4059ff 843->846 850 4018cd-402213 call 40529e 845->850 846->850 850->840 859 40265c-402663 850->859 856->833 858 401833-401834 856->858 858->823 859->842
                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E0040553D(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004054D0(E004059DD(0x409b50, "C:\\Program Files\\Unlocker")), ??);
				} else {
					_push(0x409b50);
					E004059DD();
				}
				E00405C3F(0x409b50);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405CD8(0x409b50);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405695(0x409b50);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E004056B4(0x409b50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404D7B(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f08;
						goto L32;
					} else {
						E004059DD(0x40a350, 0x424000);
						E004059DD(0x424000, 0x409b50);
						E004059FF(_t75, 0x40a350, 0x409b50, "C:\Users\jones\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E004059DD(0x424000, 0x40a350);
						_t62 = E0040529E("C:\Users\jones\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f08 =  &( *0x423f08->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b50);
								_push(0xfffffffa);
								E00404D7B();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404D7B(0xffffffea,  *(_t85 - 8)); // executed
				 *0x423f34 =  *0x423f34 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 0x34));
				_push( *((intOrPtr*)(_t85 - 0x1c)));
				_t43 = E00402E5B(); // executed
				 *0x423f34 =  *0x423f34 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffee);
					} else {
						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffe9);
						lstrcatA(0x409b50,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b50);
					E0040529E();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                                                                                0x00401734
                                                                                                                                                                                0x0040173b
                                                                                                                                                                                0x00401744
                                                                                                                                                                                0x00401747
                                                                                                                                                                                0x0040174a
                                                                                                                                                                                0x0040174f
                                                                                                                                                                                0x00401757
                                                                                                                                                                                0x00401773
                                                                                                                                                                                0x00401759
                                                                                                                                                                                0x00401759
                                                                                                                                                                                0x0040175a
                                                                                                                                                                                0x0040175a
                                                                                                                                                                                0x00401779
                                                                                                                                                                                0x00401783
                                                                                                                                                                                0x00401783
                                                                                                                                                                                0x00401787
                                                                                                                                                                                0x0040178a
                                                                                                                                                                                0x0040178f
                                                                                                                                                                                0x00401791
                                                                                                                                                                                0x00401793
                                                                                                                                                                                0x00401798
                                                                                                                                                                                0x00401798
                                                                                                                                                                                0x004017a3
                                                                                                                                                                                0x004017a3
                                                                                                                                                                                0x004017b4
                                                                                                                                                                                0x004017b6
                                                                                                                                                                                0x004017b6
                                                                                                                                                                                0x004017b7
                                                                                                                                                                                0x004017b7
                                                                                                                                                                                0x004017ba
                                                                                                                                                                                0x004017bd
                                                                                                                                                                                0x004017c0
                                                                                                                                                                                0x004017c0
                                                                                                                                                                                0x004017c7
                                                                                                                                                                                0x004017d6
                                                                                                                                                                                0x004017db
                                                                                                                                                                                0x004017de
                                                                                                                                                                                0x004017e1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004017e3
                                                                                                                                                                                0x004017e6
                                                                                                                                                                                0x00401840
                                                                                                                                                                                0x00401845
                                                                                                                                                                                0x004015a8
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040288b
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004017e8
                                                                                                                                                                                0x004017ee
                                                                                                                                                                                0x004017f9
                                                                                                                                                                                0x00401806
                                                                                                                                                                                0x00401811
                                                                                                                                                                                0x00401827
                                                                                                                                                                                0x00401827
                                                                                                                                                                                0x0040182a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401830
                                                                                                                                                                                0x00401830
                                                                                                                                                                                0x00401831
                                                                                                                                                                                0x0040184e
                                                                                                                                                                                0x00402894
                                                                                                                                                                                0x00402894
                                                                                                                                                                                0x00402894
                                                                                                                                                                                0x00401833
                                                                                                                                                                                0x00401833
                                                                                                                                                                                0x00401834
                                                                                                                                                                                0x00401492
                                                                                                                                                                                0x0040220e
                                                                                                                                                                                0x0040220e
                                                                                                                                                                                0x0040220e
                                                                                                                                                                                0x00401831
                                                                                                                                                                                0x0040182a
                                                                                                                                                                                0x00402896
                                                                                                                                                                                0x0040289a
                                                                                                                                                                                0x0040289a
                                                                                                                                                                                0x0040185e
                                                                                                                                                                                0x00401863
                                                                                                                                                                                0x00401869
                                                                                                                                                                                0x0040186a
                                                                                                                                                                                0x0040186b
                                                                                                                                                                                0x0040186e
                                                                                                                                                                                0x00401871
                                                                                                                                                                                0x00401876
                                                                                                                                                                                0x0040187c
                                                                                                                                                                                0x00401880
                                                                                                                                                                                0x00401882
                                                                                                                                                                                0x0040188a
                                                                                                                                                                                0x00401896
                                                                                                                                                                                0x00401884
                                                                                                                                                                                0x00401884
                                                                                                                                                                                0x00401888
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401888
                                                                                                                                                                                0x0040189f
                                                                                                                                                                                0x004018a5
                                                                                                                                                                                0x004018a7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004018ad
                                                                                                                                                                                0x004018ad
                                                                                                                                                                                0x004018b0
                                                                                                                                                                                0x004018c8
                                                                                                                                                                                0x004018b2
                                                                                                                                                                                0x004018b5
                                                                                                                                                                                0x004018be
                                                                                                                                                                                0x004018be
                                                                                                                                                                                0x004018cd
                                                                                                                                                                                0x004018d2
                                                                                                                                                                                0x00402209
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402209
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,show,C:\Program Files\Unlocker,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,show,show,00000000,00000000,show,C:\Program Files\Unlocker,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                  • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,Unlocker 1.9.2 Setup,NSIS Error), ref: 004059EA
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000), ref: 00404DD7
                                                                                                                                                                                  • Part of subcall function 00404D7B: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\), ref: 00404DE9
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E0F
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E29
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E37
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                • String ID: C:\Program Files\Unlocker$C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp$C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll$show
                                                                                                                                                                                • API String ID: 1941528284-1829211330
                                                                                                                                                                                • Opcode ID: 89dec647013ee6528c2b69545b8c488e5fa697e94d303dfd7bd1404993c1dcdb
                                                                                                                                                                                • Instruction ID: 7896ef4f757b45501086316f909c91b804aeab5b8a53035332c5850d51b772f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 89dec647013ee6528c2b69545b8c488e5fa697e94d303dfd7bd1404993c1dcdb
                                                                                                                                                                                • Instruction Fuzzy Hash: FA41C272900615BACF10BBA5DD46EAF3A79EF01329B20433BF515F11E1D63C4A419AAD
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00404D7B, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 860 404d7b-404d90 861 404e46-404e4a 860->861 862 404d96-404da8 860->862 863 404db3-404dbf lstrlenA 862->863 864 404daa-404dae call 4059ff 862->864 866 404dc1-404dd1 lstrlenA 863->866 867 404ddc-404de0 863->867 864->863 866->861 868 404dd3-404dd7 lstrcatA 866->868 869 404de2-404de9 SetWindowTextA 867->869 870 404def-404df3 867->870 868->867 869->870 871 404df5-404e37 SendMessageA * 3 870->871 872 404e39-404e3b 870->872 871->872 872->861 873 404e3d-404e40 872->873 873->861
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00404D7B(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423664; // 0x6029c
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f34; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E004059FF(0, _t39, 0x41fc50, 0x41fc50, _a4);
					}
					_t26 = lstrlenA(0x41fc50);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423648, 0x41fc50); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc50;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc50)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc50, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                                                                                0x00404d81
                                                                                                                                                                                0x00404d8d
                                                                                                                                                                                0x00404d90
                                                                                                                                                                                0x00404d96
                                                                                                                                                                                0x00404da2
                                                                                                                                                                                0x00404da5
                                                                                                                                                                                0x00404da8
                                                                                                                                                                                0x00404dae
                                                                                                                                                                                0x00404dae
                                                                                                                                                                                0x00404db4
                                                                                                                                                                                0x00404dbc
                                                                                                                                                                                0x00404dbf
                                                                                                                                                                                0x00404ddc
                                                                                                                                                                                0x00404de0
                                                                                                                                                                                0x00404de9
                                                                                                                                                                                0x00404de9
                                                                                                                                                                                0x00404df3
                                                                                                                                                                                0x00404dfc
                                                                                                                                                                                0x00404e08
                                                                                                                                                                                0x00404e0f
                                                                                                                                                                                0x00404e13
                                                                                                                                                                                0x00404e16
                                                                                                                                                                                0x00404e29
                                                                                                                                                                                0x00404e37
                                                                                                                                                                                0x00404e37
                                                                                                                                                                                0x00404e3b
                                                                                                                                                                                0x00404e3d
                                                                                                                                                                                0x00404e40
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404e40
                                                                                                                                                                                0x00404dc1
                                                                                                                                                                                0x00404dc9
                                                                                                                                                                                0x00404dd1
                                                                                                                                                                                0x00404dd7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404dd7
                                                                                                                                                                                0x00404dd1
                                                                                                                                                                                0x00404dbf
                                                                                                                                                                                0x00404e4a

                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                                                • lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                                                • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000), ref: 00404DD7
                                                                                                                                                                                • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\), ref: 00404DE9
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404E0F
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404E29
                                                                                                                                                                                • SendMessageA.USER32 ref: 00404E37
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\
                                                                                                                                                                                • API String ID: 2531174081-4204097782
                                                                                                                                                                                • Opcode ID: c117b3df20c288d55b5a21bdd6a2c22ff4c3416e9741a057e5fe706e23abbf15
                                                                                                                                                                                • Instruction ID: 7f48be0438031ac4014e4461c76190d89e96d247d5b12388d0b77bfdc4e74ae1
                                                                                                                                                                                • Opcode Fuzzy Hash: c117b3df20c288d55b5a21bdd6a2c22ff4c3416e9741a057e5fe706e23abbf15
                                                                                                                                                                                • Instruction Fuzzy Hash: 09216DB1E00158BBDB119FA5CD84ADEBFB9FF45354F14807AFA04B6290C7398A419B98
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402E5B, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 874 402e5b-402e6f 875 402e71 874->875 876 402e78-402e80 874->876 875->876 877 402e82 876->877 878 402e87-402e8c 876->878 877->878 879 402e9c-402ea9 call 40304e 878->879 880 402e8e-402e97 call 403080 878->880 884 402ff9 879->884 885 402eaf-402eb3 879->885 880->879 886 402ffb-402ffc 884->886 887 402fe2-402fe4 885->887 888 402eb9-402ed9 GetTickCount call 405dd9 885->888 890 403047-40304b 886->890 891 402fe6-402fe9 887->891 892 403039-40303d 887->892 899 403044 888->899 900 402edf-402ee7 888->900 896 402feb 891->896 897 402fee-402ff7 call 40304e 891->897 894 402ffe-403004 892->894 895 40303f 892->895 901 403006 894->901 902 403009-403017 call 40304e 894->902 895->899 896->897 897->884 907 403041 897->907 899->890 904 402ee9 900->904 905 402eec-402efa call 40304e 900->905 901->902 902->884 911 403019-40302c WriteFile 902->911 904->905 905->884 912 402f00-402f09 905->912 907->899 913 402fde-402fe0 911->913 914 40302e-403031 911->914 915 402f0f-402f2c call 405df9 912->915 913->886 914->913 916 403033-403036 914->916 919 402f32-402f49 GetTickCount 915->919 920 402fda-402fdc 915->920 916->892 921 402f4b-402f53 919->921 922 402f8e-402f92 919->922 920->886 925 402f55-402f59 921->925 926 402f5b-402f86 MulDiv wsprintfA call 404d7b 921->926 923 402f94-402f97 922->923 924 402fcf-402fd2 922->924 927 402fb7-402fbd 923->927 928 402f99-402fab WriteFile 923->928 924->900 929 402fd8 924->929 925->922 925->926 931 402f8b 926->931 933 402fc3-402fc7 927->933 928->913 932 402fad-402fb0 928->932 929->899 931->922 932->913 934 402fb2-402fb5 932->934 933->915 935 402fcd 933->935 934->933 935->899
                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                			E00402E5B(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				int _t66;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				intOrPtr _t91;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f020;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					_t91 =  *0x423ed8; // 0x1a434
					E00403080(_t91 + _t60);
				}
				_t62 = E0040304E( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E0040304E(0x40b020, _t98) == 0) {
									goto L34;
								} else {
									_t66 = WriteFile(_a8, 0x40b020, _t98,  &_a12, 0); // executed
									if(_t66 == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E0040304E(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00405DD9(0x40af90);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E0040304E(0x40b020, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40afa8 = 0x40b020;
						 *0x40afac = _t99;
						while(1) {
							 *0x40afb0 = _t88;
							 *0x40afb4 = _v12; // executed
							_t74 = E00405DF9(0x40af90); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40afb0; // 0x4ed7fe
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423f34 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404D7B(0,  &_v88); // executed
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40afb0; // 0x4ed7fe
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}

























                                                                                                                                                                                0x00402e63
                                                                                                                                                                                0x00402e67
                                                                                                                                                                                0x00402e6a
                                                                                                                                                                                0x00402e6f
                                                                                                                                                                                0x00402e71
                                                                                                                                                                                0x00402e71
                                                                                                                                                                                0x00402e78
                                                                                                                                                                                0x00402e7c
                                                                                                                                                                                0x00402e80
                                                                                                                                                                                0x00402e82
                                                                                                                                                                                0x00402e82
                                                                                                                                                                                0x00402e87
                                                                                                                                                                                0x00402e8c
                                                                                                                                                                                0x00402e8e
                                                                                                                                                                                0x00402e97
                                                                                                                                                                                0x00402e97
                                                                                                                                                                                0x00402ea2
                                                                                                                                                                                0x00402ea9
                                                                                                                                                                                0x00402ff9
                                                                                                                                                                                0x00402ff9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402eaf
                                                                                                                                                                                0x00402eb3
                                                                                                                                                                                0x00402fe4
                                                                                                                                                                                0x00403039
                                                                                                                                                                                0x00402ffe
                                                                                                                                                                                0x00403004
                                                                                                                                                                                0x00403006
                                                                                                                                                                                0x00403006
                                                                                                                                                                                0x00403017
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403019
                                                                                                                                                                                0x00403024
                                                                                                                                                                                0x0040302c
                                                                                                                                                                                0x00402fde
                                                                                                                                                                                0x00402fde
                                                                                                                                                                                0x00402ffb
                                                                                                                                                                                0x00402ffb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403033
                                                                                                                                                                                0x00403033
                                                                                                                                                                                0x00403036
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403036
                                                                                                                                                                                0x0040302c
                                                                                                                                                                                0x00403017
                                                                                                                                                                                0x00403044
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403044
                                                                                                                                                                                0x00402fe9
                                                                                                                                                                                0x00402feb
                                                                                                                                                                                0x00402feb
                                                                                                                                                                                0x00402ff7
                                                                                                                                                                                0x00403041
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402ff7
                                                                                                                                                                                0x00402ec4
                                                                                                                                                                                0x00402ec7
                                                                                                                                                                                0x00402ecc
                                                                                                                                                                                0x00402ecc
                                                                                                                                                                                0x00402ed6
                                                                                                                                                                                0x00402ed9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402edf
                                                                                                                                                                                0x00402edf
                                                                                                                                                                                0x00402edf
                                                                                                                                                                                0x00402ee7
                                                                                                                                                                                0x00402ee9
                                                                                                                                                                                0x00402ee9
                                                                                                                                                                                0x00402efa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402f00
                                                                                                                                                                                0x00402f03
                                                                                                                                                                                0x00402f09
                                                                                                                                                                                0x00402f0f
                                                                                                                                                                                0x00402f17
                                                                                                                                                                                0x00402f1d
                                                                                                                                                                                0x00402f22
                                                                                                                                                                                0x00402f29
                                                                                                                                                                                0x00402f2c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402f32
                                                                                                                                                                                0x00402f38
                                                                                                                                                                                0x00402f3a
                                                                                                                                                                                0x00402f47
                                                                                                                                                                                0x00402f49
                                                                                                                                                                                0x00402f77
                                                                                                                                                                                0x00402f7d
                                                                                                                                                                                0x00402f86
                                                                                                                                                                                0x00402f8b
                                                                                                                                                                                0x00402f8b
                                                                                                                                                                                0x00402f92
                                                                                                                                                                                0x00402fd2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402f94
                                                                                                                                                                                0x00402f97
                                                                                                                                                                                0x00402fb7
                                                                                                                                                                                0x00402fba
                                                                                                                                                                                0x00402fbd
                                                                                                                                                                                0x00402fc3
                                                                                                                                                                                0x00402fc7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402fcd
                                                                                                                                                                                0x00402fa3
                                                                                                                                                                                0x00402fab
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402fb2
                                                                                                                                                                                0x00402fb2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402fb2
                                                                                                                                                                                0x00402fab
                                                                                                                                                                                0x00402f92
                                                                                                                                                                                0x00402fda
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402fda
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402edf

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402EB9
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402F3A
                                                                                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F67
                                                                                                                                                                                • wsprintfA.USER32 ref: 00402F77
                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,004ED7FE,00000000,00000000), ref: 00402FA3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                                                • API String ID: 4209647438-2449383134
                                                                                                                                                                                • Opcode ID: 6f311f0161e6b5a2b9589c42eb5a4067f1e4fce311a25467e7f14920e616ef45
                                                                                                                                                                                • Instruction ID: 77f196e3f4de2b0f7ff2a56d5fa3bb7e3b28ee40e2402e388f788a2720e93e15
                                                                                                                                                                                • Opcode Fuzzy Hash: 6f311f0161e6b5a2b9589c42eb5a4067f1e4fce311a25467e7f14920e616ef45
                                                                                                                                                                                • Instruction Fuzzy Hash: F151917190121A9BCF10CF55DA48AAF7B78AF04795F10413BF810B72C0D7B89E50DBAA
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				long _t41;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E0040553D(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E00405695(_t52);
				_t27 = E004056B4(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423e94; // 0xce00
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E00403080(_t47);
						E0040304E(_t51,  *(_t58 - 0x2c)); // executed
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402E5B( *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c)); // executed
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E00405675( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47); // executed
						GlobalFree(_t51);
						_t41 = E00402E5B(0xffffffff,  *(_t58 + 8), _t47, _t47); // executed
						 *(_t58 - 8) = _t41;
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}












                                                                                                                                                                                0x0040267c
                                                                                                                                                                                0x0040267e
                                                                                                                                                                                0x0040268a
                                                                                                                                                                                0x0040268d
                                                                                                                                                                                0x00402697
                                                                                                                                                                                0x0040269b
                                                                                                                                                                                0x0040269b
                                                                                                                                                                                0x004026a1
                                                                                                                                                                                0x004026ae
                                                                                                                                                                                0x004026b6
                                                                                                                                                                                0x004026b9
                                                                                                                                                                                0x004026bf
                                                                                                                                                                                0x004026cd
                                                                                                                                                                                0x004026d2
                                                                                                                                                                                0x004026d6
                                                                                                                                                                                0x004026d9
                                                                                                                                                                                0x004026e2
                                                                                                                                                                                0x004026ee
                                                                                                                                                                                0x004026f2
                                                                                                                                                                                0x004026f5
                                                                                                                                                                                0x004026ff
                                                                                                                                                                                0x0040271e
                                                                                                                                                                                0x00402706
                                                                                                                                                                                0x0040270b
                                                                                                                                                                                0x00402713
                                                                                                                                                                                0x00402716
                                                                                                                                                                                0x0040271b
                                                                                                                                                                                0x0040271b
                                                                                                                                                                                0x00402725
                                                                                                                                                                                0x00402725
                                                                                                                                                                                0x00402737
                                                                                                                                                                                0x0040273e
                                                                                                                                                                                0x0040274b
                                                                                                                                                                                0x00402750
                                                                                                                                                                                0x00402750
                                                                                                                                                                                0x00402756
                                                                                                                                                                                0x00402756
                                                                                                                                                                                0x00402761
                                                                                                                                                                                0x00402762
                                                                                                                                                                                0x00402766
                                                                                                                                                                                0x0040276a
                                                                                                                                                                                0x00402770
                                                                                                                                                                                0x00402770
                                                                                                                                                                                0x00402777
                                                                                                                                                                                0x00402164
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000CE00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00402725
                                                                                                                                                                                • WriteFile.KERNELBASE(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3294113728-0
                                                                                                                                                                                • Opcode ID: 130aa79b9c983bd4e060f1967264d3b910e55c34024405a00a28679471b0e476
                                                                                                                                                                                • Instruction ID: 12be5ee7c0a04460072f4a22dab7179149aa53ae67e7a866020ad89d1ba75591
                                                                                                                                                                                • Opcode Fuzzy Hash: 130aa79b9c983bd4e060f1967264d3b910e55c34024405a00a28679471b0e476
                                                                                                                                                                                • Instruction Fuzzy Hash: 5831C071C00128BBDF216FA5CD88EAE7E79EF04368F10423AF524762E0C7795D419BA8
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 969 402303-402349 call 402aeb call 4029f6 * 2 RegCreateKeyExA 976 40288b-40289a 969->976 977 40234f-402357 969->977 979 402367-40236a 977->979 980 402359-402366 call 4029f6 lstrlenA 977->980 983 40237a-40237d 979->983 984 40236c-402379 call 4029d9 979->984 980->979 986 40238e-4023a2 RegSetValueExA 983->986 987 40237f-402389 call 402e5b 983->987 984->983 991 4023a4 986->991 992 4023a7-402483 RegCloseKey 986->992 987->986 991->992 992->976
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				long _t22;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t30 =  *0x423f30; // 0x100
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27); // executed
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a350) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a350 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E5B( *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a350, 0xc00);
					}
					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a350, _t19); // executed
					if(_t22 == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey(); // executed
				}
				 *0x423f08 =  *0x423f08 +  *(_t37 - 4);
				return 0;
			}












                                                                                                                                                                                0x00402304
                                                                                                                                                                                0x00402309
                                                                                                                                                                                0x00402313
                                                                                                                                                                                0x0040231d
                                                                                                                                                                                0x00402320
                                                                                                                                                                                0x0040232a
                                                                                                                                                                                0x0040233a
                                                                                                                                                                                0x00402341
                                                                                                                                                                                0x00402349
                                                                                                                                                                                0x00402357
                                                                                                                                                                                0x0040235b
                                                                                                                                                                                0x00402366
                                                                                                                                                                                0x00402366
                                                                                                                                                                                0x0040236a
                                                                                                                                                                                0x0040236e
                                                                                                                                                                                0x00402374
                                                                                                                                                                                0x00402379
                                                                                                                                                                                0x00402379
                                                                                                                                                                                0x0040237d
                                                                                                                                                                                0x00402389
                                                                                                                                                                                0x00402389
                                                                                                                                                                                0x0040239a
                                                                                                                                                                                0x004023a2
                                                                                                                                                                                0x004023a4
                                                                                                                                                                                0x004023a4
                                                                                                                                                                                0x004023a7
                                                                                                                                                                                0x0040247d
                                                                                                                                                                                0x0040247d
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp,00000023,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp
                                                                                                                                                                                • API String ID: 1356686001-3699850181
                                                                                                                                                                                • Opcode ID: dbb0ac2dea1b540987cf841eb3ee0772f6bb7d6697134c80a962b157f725af8d
                                                                                                                                                                                • Instruction ID: 0c84a363429982d99d3a5a271a87b4b8d308e401ccf86a25fc22d5166c0076e5
                                                                                                                                                                                • Opcode Fuzzy Hash: dbb0ac2dea1b540987cf841eb3ee0772f6bb7d6697134c80a962b157f725af8d
                                                                                                                                                                                • Instruction Fuzzy Hash: 781163B1E00209BFEB10AFA4DE49EAF767CFB40358F10413AF901B61D0D6B85D019669
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E00405564(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E004054FB(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E004059DD("C:\\Program Files\\Unlocker", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                                                                                                0x004015b3
                                                                                                                                                                                0x004015ba
                                                                                                                                                                                0x004015bd
                                                                                                                                                                                0x004015c2
                                                                                                                                                                                0x004015c6
                                                                                                                                                                                0x004015c8
                                                                                                                                                                                0x004015d0
                                                                                                                                                                                0x004015d6
                                                                                                                                                                                0x004015d8
                                                                                                                                                                                0x004015db
                                                                                                                                                                                0x004015e3
                                                                                                                                                                                0x004015f0
                                                                                                                                                                                0x004015fd
                                                                                                                                                                                0x004015fd
                                                                                                                                                                                0x004015f2
                                                                                                                                                                                0x004015f3
                                                                                                                                                                                0x004015fb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004015fb
                                                                                                                                                                                0x004015f0
                                                                                                                                                                                0x00401600
                                                                                                                                                                                0x00401603
                                                                                                                                                                                0x00401605
                                                                                                                                                                                0x00401606
                                                                                                                                                                                0x004015c8
                                                                                                                                                                                0x0040160d
                                                                                                                                                                                0x0040162d
                                                                                                                                                                                0x00402164
                                                                                                                                                                                0x0040160f
                                                                                                                                                                                0x00401611
                                                                                                                                                                                0x0040161c
                                                                                                                                                                                0x00401622
                                                                                                                                                                                0x00401622
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00405316,?,C:\,00000000,004055C8,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405572
                                                                                                                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405577
                                                                                                                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405586
                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\Unlocker,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Program Files\Unlocker, xrefs: 00401617
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                • String ID: C:\Program Files\Unlocker
                                                                                                                                                                                • API String ID: 3751793516-1747243819
                                                                                                                                                                                • Opcode ID: eca45e4f265b5310bf3876cc38f450248989b20858a3f8b45370c7433c2b44d3
                                                                                                                                                                                • Instruction ID: ffaaac8e814952d4dd163c137c14166a37b00a477d69e33f5cc6849720afcf5a
                                                                                                                                                                                • Opcode Fuzzy Hash: eca45e4f265b5310bf3876cc38f450248989b20858a3f8b45370c7433c2b44d3
                                                                                                                                                                                • Instruction Fuzzy Hash: 86010831908180ABDB116F795D44D6F27B0DA52365728473BF491B22E2C23C4942962E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004056E3, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004056E3(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                                                                                0x004056e7
                                                                                                                                                                                0x004056ed
                                                                                                                                                                                0x004056ee
                                                                                                                                                                                0x004056ee
                                                                                                                                                                                0x004056ef
                                                                                                                                                                                0x004056f6
                                                                                                                                                                                0x00405700
                                                                                                                                                                                0x0040570d
                                                                                                                                                                                0x00405710
                                                                                                                                                                                0x00405718
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040571c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040571e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040571e
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004056F6
                                                                                                                                                                                • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405710
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                • API String ID: 1716503409-1080177851
                                                                                                                                                                                • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                • Instruction ID: 090c9869d25c952b380026dfe3028592f3e254e5657c021594612e0629f183dd
                                                                                                                                                                                • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                • Instruction Fuzzy Hash: AFF0A736348204B7D7104F55EC04B9B7F5DDF91750F14C027F944DA1C0D6B1995597A5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00404568, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                			E00404568(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				int _t29;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E004059FF(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E004059FF(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E004059FF(_t34, 0, 0x420478, 0x420478, _a8);
				wsprintfA(_t26 + lstrlenA(0x420478), "%u.%u%s%s");
				_t29 = SetDlgItemTextA( *0x423658, _a4, 0x420478); // executed
				return _t29;
			}














                                                                                                                                                                                0x00404570
                                                                                                                                                                                0x00404574
                                                                                                                                                                                0x0040457c
                                                                                                                                                                                0x0040457f
                                                                                                                                                                                0x00404580
                                                                                                                                                                                0x00404582
                                                                                                                                                                                0x00404584
                                                                                                                                                                                0x00404587
                                                                                                                                                                                0x00404587
                                                                                                                                                                                0x0040458e
                                                                                                                                                                                0x00404594
                                                                                                                                                                                0x00404594
                                                                                                                                                                                0x0040459b
                                                                                                                                                                                0x004045a6
                                                                                                                                                                                0x004045a7
                                                                                                                                                                                0x004045aa
                                                                                                                                                                                0x004045aa
                                                                                                                                                                                0x004045b7
                                                                                                                                                                                0x004045c2
                                                                                                                                                                                0x004045c5
                                                                                                                                                                                0x004045d7
                                                                                                                                                                                0x004045de
                                                                                                                                                                                0x004045df
                                                                                                                                                                                0x004045ee
                                                                                                                                                                                0x004045fe
                                                                                                                                                                                0x00404611
                                                                                                                                                                                0x0040461a

                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(00420478,00420478,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404488,000000DF,0000040F,00000400,00000000), ref: 004045F6
                                                                                                                                                                                • wsprintfA.USER32 ref: 004045FE
                                                                                                                                                                                • SetDlgItemTextA.USER32 ref: 00404611
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                • Opcode ID: fbb595e432194c305246c6f0f4e29bd605609ecb9101d11c6153431d6f6663c0
                                                                                                                                                                                • Instruction ID: de100ae33fd703a766e80fabf1c0ef7e237f6bef08e04a4196497c65211e5d03
                                                                                                                                                                                • Opcode Fuzzy Hash: fbb595e432194c305246c6f0f4e29bd605609ecb9101d11c6153431d6f6663c0
                                                                                                                                                                                • Instruction Fuzzy Hash: 331104B370012477DB10666D9C05EAF329DDBC6334F14023BFA2AF61D1E9388C1186E8
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28); // executed
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8)); // executed
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E0040593B();
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                                                                                0x00401bb6
                                                                                                                                                                                0x00401bc2
                                                                                                                                                                                0x00401bc5
                                                                                                                                                                                0x00401bce
                                                                                                                                                                                0x00401bce
                                                                                                                                                                                0x00401bd1
                                                                                                                                                                                0x00401bd5
                                                                                                                                                                                0x00401bde
                                                                                                                                                                                0x00401bde
                                                                                                                                                                                0x00401be1
                                                                                                                                                                                0x00401be5
                                                                                                                                                                                0x00401be7
                                                                                                                                                                                0x00401c34
                                                                                                                                                                                0x00401c36
                                                                                                                                                                                0x00401c3f
                                                                                                                                                                                0x00401c47
                                                                                                                                                                                0x00401c4a
                                                                                                                                                                                0x00401c4a
                                                                                                                                                                                0x00401c53
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401be9
                                                                                                                                                                                0x00401bf0
                                                                                                                                                                                0x00401bf2
                                                                                                                                                                                0x00401bfa
                                                                                                                                                                                0x00401bfd
                                                                                                                                                                                0x00401c25
                                                                                                                                                                                0x00401c59
                                                                                                                                                                                0x00401c59
                                                                                                                                                                                0x00401bff
                                                                                                                                                                                0x00401c0d
                                                                                                                                                                                0x00401c15
                                                                                                                                                                                0x00401c18
                                                                                                                                                                                0x00401c18
                                                                                                                                                                                0x00401bfd
                                                                                                                                                                                0x00401c5c
                                                                                                                                                                                0x00401c5f
                                                                                                                                                                                0x00401c65
                                                                                                                                                                                0x00402833
                                                                                                                                                                                0x00402833
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                                                • SendMessageA.USER32 ref: 00401C25
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                • String ID: !
                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                • Opcode ID: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                                                                                                                • Instruction ID: 089b6e11c3ee5c2ceb15467343933f82bc3488a694e04e66c57418204d538f9a
                                                                                                                                                                                • Opcode Fuzzy Hash: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                                                                                                                • Instruction Fuzzy Hash: B321C4B1A44209BFEF01AFB4CE4AAAE7B75EF40344F14053EF602B60D1D6B84980E718
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040523D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0040523D(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422480->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422480,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                                                                                0x00405246
                                                                                                                                                                                0x00405262
                                                                                                                                                                                0x0040526a
                                                                                                                                                                                0x0040526f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405275
                                                                                                                                                                                0x00405279

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422480,Error launching installer), ref: 00405262
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0040526F
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040523D
                                                                                                                                                                                • Error launching installer, xrefs: 00405250
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                                                                                • API String ID: 3712363035-1785902839
                                                                                                                                                                                • Opcode ID: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                                                                                                                • Instruction ID: 0a3d69d2a3401d9d63374a1600280413a6fd3692a6ba6d2da32d4f839eaa01ec
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                                                                                                                • Instruction Fuzzy Hash: BEE0E674A1010ABBDB00EF64DD09D6B7B7CFB00304B408621E911E2150D774E4108A79
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401F51, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f38");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f08 =  *0x423f08 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404D7B(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af50, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E004034C6(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                                                                                0x00401f51
                                                                                                                                                                                0x00401f51
                                                                                                                                                                                0x00401f56
                                                                                                                                                                                0x00401f5d
                                                                                                                                                                                0x00402019
                                                                                                                                                                                0x00402164
                                                                                                                                                                                0x00402164
                                                                                                                                                                                0x0040288b
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a
                                                                                                                                                                                0x0040289a
                                                                                                                                                                                0x00401f6c
                                                                                                                                                                                0x00401f76
                                                                                                                                                                                0x00401f79
                                                                                                                                                                                0x00401f88
                                                                                                                                                                                0x00401f8c
                                                                                                                                                                                0x00401f92
                                                                                                                                                                                0x00401f96
                                                                                                                                                                                0x00402012
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402012
                                                                                                                                                                                0x00401f98
                                                                                                                                                                                0x00401fa2
                                                                                                                                                                                0x00401fa6
                                                                                                                                                                                0x00401fea
                                                                                                                                                                                0x00401fa8
                                                                                                                                                                                0x00401fab
                                                                                                                                                                                0x00401fae
                                                                                                                                                                                0x00401fde
                                                                                                                                                                                0x00401fb0
                                                                                                                                                                                0x00401fb3
                                                                                                                                                                                0x00401fbc
                                                                                                                                                                                0x00401fbe
                                                                                                                                                                                0x00401fbe
                                                                                                                                                                                0x00401fbc
                                                                                                                                                                                0x00401fae
                                                                                                                                                                                0x00401ff2
                                                                                                                                                                                0x00402007
                                                                                                                                                                                0x00402007
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401ff2
                                                                                                                                                                                0x00401f7c
                                                                                                                                                                                0x00401f82
                                                                                                                                                                                0x00401f86
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000), ref: 00404DD7
                                                                                                                                                                                  • Part of subcall function 00404D7B: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\), ref: 00404DE9
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E0F
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E29
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E37
                                                                                                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2987980305-0
                                                                                                                                                                                • Opcode ID: 71306b1134231061c89694e0e173e72c12ff72d2ee8c3f8387a1942ab3f7262f
                                                                                                                                                                                • Instruction ID: d4347cebb671b603d0a5d412fc90ce50d757f993dc699470b494ace3858b78d6
                                                                                                                                                                                • Opcode Fuzzy Hash: 71306b1134231061c89694e0e173e72c12ff72d2ee8c3f8387a1942ab3f7262f
                                                                                                                                                                                • Instruction Fuzzy Hash: 7221EE72D04216ABCF107FA4DE89A6E75B06B44359F204337F611B52E0D77C4941965E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00404CCB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00404CCB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t13;
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420460 != _t22) {
							 *0x420460 = _t22;
							E004059DD(0x420478, 0x424000);
							E0040593B(0x424000, _t22);
							E0040140B(6);
							E004059DD(0x424000, 0x420478);
						}
						L11:
						_t13 = CallWindowProcA( *0x420468, _a4, _a8, _a12, _t22); // executed
						return _t13;
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E0040464A(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403DDB(0x413);
				return 0;
			}





                                                                                                                                                                                0x00404cd7
                                                                                                                                                                                0x00404cfc
                                                                                                                                                                                0x00404d1c
                                                                                                                                                                                0x00404d1f
                                                                                                                                                                                0x00404d22
                                                                                                                                                                                0x00404d39
                                                                                                                                                                                0x00404d3f
                                                                                                                                                                                0x00404d46
                                                                                                                                                                                0x00404d4d
                                                                                                                                                                                0x00404d54
                                                                                                                                                                                0x00404d59
                                                                                                                                                                                0x00404d5f
                                                                                                                                                                                0x00404d6f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404d6f
                                                                                                                                                                                0x00404d09
                                                                                                                                                                                0x00404d5c
                                                                                                                                                                                0x00404d5c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404d5c
                                                                                                                                                                                0x00404d15
                                                                                                                                                                                0x00404d17
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404d17
                                                                                                                                                                                0x00404cdd
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404ce4
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00404D01
                                                                                                                                                                                • CallWindowProcA.USER32 ref: 00404D6F
                                                                                                                                                                                  • Part of subcall function 00403DDB: SendMessageA.USER32 ref: 00403DED
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                • Opcode ID: 7ef91977e0255b1fc34b6530065b048aeb6426da5fc65d298478046c2303bded
                                                                                                                                                                                • Instruction ID: 2250b5ae86c5db7695da18b81197a994f129f58ca555af08ca8730d1192fac1c
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ef91977e0255b1fc34b6530065b048aeb6426da5fc65d298478046c2303bded
                                                                                                                                                                                • Instruction Fuzzy Hash: 5A118CB1600208BBDF217F629C4099B3B69EF84765F00813BFB14392A2C77C8951CFA9
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004055B1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                			E004055B1(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E004059DD(0x421880, _a4);
				_t21 = E00405564(0x421880);
				if(_t21 != 0) {
					E00405C3F(_t21);
					if(( *0x423e98 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x421880;
						while(1) {
							_t11 = lstrlenA(0x421880);
							_push(0x421880);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405CD8();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405517(0x421880);
								continue;
							} else {
								goto L1;
							}
						}
						E004054D0();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                                                                                0x004055bd
                                                                                                                                                                                0x004055c8
                                                                                                                                                                                0x004055cc
                                                                                                                                                                                0x004055d3
                                                                                                                                                                                0x004055df
                                                                                                                                                                                0x004055eb
                                                                                                                                                                                0x004055eb
                                                                                                                                                                                0x00405603
                                                                                                                                                                                0x00405604
                                                                                                                                                                                0x0040560b
                                                                                                                                                                                0x0040560c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004055ef
                                                                                                                                                                                0x004055f6
                                                                                                                                                                                0x004055fe
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004055f6
                                                                                                                                                                                0x0040560e
                                                                                                                                                                                0x00405614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405622
                                                                                                                                                                                0x004055e1
                                                                                                                                                                                0x004055e5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004055e5
                                                                                                                                                                                0x004055ce
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,Unlocker 1.9.2 Setup,NSIS Error), ref: 004059EA
                                                                                                                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00405316,?,C:\,00000000,004055C8,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405572
                                                                                                                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405577
                                                                                                                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405586
                                                                                                                                                                                • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405604
                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405614
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                • API String ID: 3248276644-3404278061
                                                                                                                                                                                • Opcode ID: 658a5dec63a6dfd38c94e6fe1a96680d2d49e1cb79ea5bcfe5db1de8d6a58f0a
                                                                                                                                                                                • Instruction ID: 3cda5072feefcb47a16d69abed3bdaa5828b8ced6428ee97c76234aedc7658ab
                                                                                                                                                                                • Opcode Fuzzy Hash: 658a5dec63a6dfd38c94e6fe1a96680d2d49e1cb79ea5bcfe5db1de8d6a58f0a
                                                                                                                                                                                • Instruction Fuzzy Hash: C2F02831104E903AC723223A1C06A9F1A96CE86369B58053FF855B12D5DA3C8943DD7E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403097, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                			E00403097(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
				E00405C3F(_t6);
				_t2 = E0040553D(_t6);
				if(_t2 != 0) {
					E004054D0(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E004056E3("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                                                                                                0x00403098
                                                                                                                                                                                0x0040309e
                                                                                                                                                                                0x004030a4
                                                                                                                                                                                0x004030ab
                                                                                                                                                                                0x004030b0
                                                                                                                                                                                0x004030b8
                                                                                                                                                                                0x004030c4
                                                                                                                                                                                0x004030ca
                                                                                                                                                                                0x004030ae
                                                                                                                                                                                0x004030ae
                                                                                                                                                                                0x004030ae

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                                                                                  • Part of subcall function 00405C3F: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004030B8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                • API String ID: 4115351271-517883005
                                                                                                                                                                                • Opcode ID: 6fc6148b77ece9d346d6d7cc43375dab10df03dac4f70bfb46dffa123947e942
                                                                                                                                                                                • Instruction ID: 14cf73edb083f9294524d0cb591bdba299ebaa8e37fda96f2dae1f3ab35ccfa6
                                                                                                                                                                                • Opcode Fuzzy Hash: 6fc6148b77ece9d346d6d7cc43375dab10df03dac4f70bfb46dffa123947e942
                                                                                                                                                                                • Instruction Fuzzy Hash: 95D0C92160BD3032D66136263D0AFDF155C8F5236EFA1447BF809B61CA5B6C6A8219FF
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403491, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403491() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f434; // 0x0
				_t3 = E00403476(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8)); // executed
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f434 =  *0x41f434 & 0x00000000;
				return _t3;
			}







                                                                                                                                                                                0x00403492
                                                                                                                                                                                0x0040349a
                                                                                                                                                                                0x004034a1
                                                                                                                                                                                0x004034a4
                                                                                                                                                                                0x004034a4
                                                                                                                                                                                0x004034a6
                                                                                                                                                                                0x004034ab
                                                                                                                                                                                0x004034b2
                                                                                                                                                                                0x004034b8
                                                                                                                                                                                0x004034bc
                                                                                                                                                                                0x004034bd
                                                                                                                                                                                0x004034c5

                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNELBASE(?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000,00000000,00403469,004032BC,00000000), ref: 004034AB
                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 004034B2
                                                                                                                                                                                Strings
                                                                                                                                                                                • "C:\Users\user\Desktop\Unlocker1.9.2.exe" , xrefs: 004034A3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe"
                                                                                                                                                                                • API String ID: 1100898210-2033366833
                                                                                                                                                                                • Opcode ID: 3e2f1a94e1730b0e2f77525ddf4d06804517b8e77a23c02aa7cd98468957b701
                                                                                                                                                                                • Instruction ID: 7bfc0464e02b508f879d35a29cae48101a6ab00b4f5f00e512934bdeb57274a8
                                                                                                                                                                                • Opcode Fuzzy Hash: 3e2f1a94e1730b0e2f77525ddf4d06804517b8e77a23c02aa7cd98468957b701
                                                                                                                                                                                • Instruction Fuzzy Hash: FBE08C3280653097C7221F05AE04B9AB66C6F94B22F068076E8407B3A1C3782C428AD8
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004063DD, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 99%
                                                                                                                                                                                			E004063DD() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M0040684B))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4)); // executed
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00406846
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e42
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4c
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ea7
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef1
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1b
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f61
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x0040666f
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x00406021
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fb6
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd0
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe5
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff5
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406000
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406276
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627c
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406282
                                                                                                                                                                                0x00406284
                                                                                                                                                                                0x0040628b
                                                                                                                                                                                0x0040628c
                                                                                                                                                                                0x0040628e
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406294
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406250
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x0040625d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062d8
                                                                                                                                                                                0x004062db
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062ba
                                                                                                                                                                                0x004062bd
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630a
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406373
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063b9
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406069
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060a9
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060dc
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060e5
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406142
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616d
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406172
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406206
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406231
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x00406236
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e6
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406696
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a4
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x00406328
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x004066d9

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8ad8b3a7fce677aa33c13c02e3180aa90519ee056083dbfcd0f6a1ae91265e6c
                                                                                                                                                                                • Instruction ID: 95af8839098f806f541805b71f16133a603fad5641f47eebb8f014e75b9041d1
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ad8b3a7fce677aa33c13c02e3180aa90519ee056083dbfcd0f6a1ae91265e6c
                                                                                                                                                                                • Instruction Fuzzy Hash: 58A13371D00229CBDF28CFA8C8447ADBBB1FF44305F25856AD856BB281D7789A86DF44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004065DE, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E004065DE() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406777
                                                                                                                                                                                0x0040677c
                                                                                                                                                                                0x0040677d
                                                                                                                                                                                0x0040677f
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x00406021
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fb6
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd0
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe5
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff5
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406000
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406276
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627c
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406282
                                                                                                                                                                                0x00406284
                                                                                                                                                                                0x0040628b
                                                                                                                                                                                0x0040628c
                                                                                                                                                                                0x0040628e
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406294
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406250
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x0040625d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062d8
                                                                                                                                                                                0x004062db
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062ba
                                                                                                                                                                                0x004062bd
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630a
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406373
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063b9
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406069
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060a9
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060dc
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060e5
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406142
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616d
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406172
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406206
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406231
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x00406236
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e0
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e5
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e8
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f2
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f5
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066fc
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406705
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x00406328
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406834
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00406846
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671c
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406722
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x00406756
                                                                                                                                                                                0x00406759
                                                                                                                                                                                0x0040675d
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406741
                                                                                                                                                                                0x00406746
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065e2

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b486484d64dd4cde6c37fee08c13c94b86683911648eeb5affe32ba80e56590e
                                                                                                                                                                                • Instruction ID: 736e54d1ea8bc2ffbcc58a3ee687e8f06aed80bce92bf0dad63538ea203c4f31
                                                                                                                                                                                • Opcode Fuzzy Hash: b486484d64dd4cde6c37fee08c13c94b86683911648eeb5affe32ba80e56590e
                                                                                                                                                                                • Instruction Fuzzy Hash: 77913271D00229CBDF28CF98C844BADBBB1FF44305F15816AD856BB281D7789A86DF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004062F4, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E004062F4() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M0040684B))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4)); // executed
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406846
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x00406021
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fb6
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd0
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe5
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff5
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406000
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406276
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627c
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406282
                                                                                                                                                                                0x00406284
                                                                                                                                                                                0x0040628b
                                                                                                                                                                                0x0040628c
                                                                                                                                                                                0x0040628e
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406294
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406250
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x0040625d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062d8
                                                                                                                                                                                0x004062db
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062ba
                                                                                                                                                                                0x004062bd
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406373
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406069
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060a9
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060dc
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060e5
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406142
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616d
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406172
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406206
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406231
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x00406236
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e0
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e5
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e8
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f2
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f5
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066fc
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406705
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406777
                                                                                                                                                                                0x0040677c
                                                                                                                                                                                0x0040677d
                                                                                                                                                                                0x0040677f
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671c
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406722
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406734
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x00406756
                                                                                                                                                                                0x00406759
                                                                                                                                                                                0x0040675d
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406741
                                                                                                                                                                                0x00406746
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x00406766
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a5c1a6d88fbf3736e083e35a306841f5f7567a3339756a66f66144e6d7487cc4
                                                                                                                                                                                • Instruction ID: c975835c63a62796fcb7e955cfffcd5e326eaa1512836fcadbce1623bdfadb04
                                                                                                                                                                                • Opcode Fuzzy Hash: a5c1a6d88fbf3736e083e35a306841f5f7567a3339756a66f66144e6d7487cc4
                                                                                                                                                                                • Instruction Fuzzy Hash: AF816671D00229CFDF24CFA8C8447AEBBB1FB44305F25816AD856BB281C7789A86DF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405DF9, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E00405DF9(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M0040684B))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8); // executed
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                                                                                0x00405e09
                                                                                                                                                                                0x00405e10
                                                                                                                                                                                0x00405e16
                                                                                                                                                                                0x00405e1c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e20
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e42
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e57
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea2
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ea7
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ebf
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f16
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1b
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f38
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f7e
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406626
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040665c
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x00406021
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fb6
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd0
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe5
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff5
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406000
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406276
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627c
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406282
                                                                                                                                                                                0x00406284
                                                                                                                                                                                0x0040628b
                                                                                                                                                                                0x0040628c
                                                                                                                                                                                0x0040628e
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406294
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406250
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x0040625d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062d8
                                                                                                                                                                                0x004062db
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062ba
                                                                                                                                                                                0x004062bd
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630a
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406373
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063b9
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406069
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060a9
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060dc
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060e5
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406142
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616d
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406172
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406206
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406231
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x00406236
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e0
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e5
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e8
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f2
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f5
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066fc
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406705
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406777
                                                                                                                                                                                0x0040677c
                                                                                                                                                                                0x0040677d
                                                                                                                                                                                0x0040677f
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671c
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406722
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406734
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x00406756
                                                                                                                                                                                0x00406759
                                                                                                                                                                                0x0040675d
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406741
                                                                                                                                                                                0x00406746
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x00406766
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x00406328
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406834
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00000000

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 797fef13bb3e8e171cff3cae9b41bd7abdeca14a353df9249488f574514014e3
                                                                                                                                                                                • Instruction ID: 0ba87498709856dc17a0c5f751d6ecfe3ae25d7b1153355424f504aba8ac83cf
                                                                                                                                                                                • Opcode Fuzzy Hash: 797fef13bb3e8e171cff3cae9b41bd7abdeca14a353df9249488f574514014e3
                                                                                                                                                                                • Instruction Fuzzy Hash: B4817772D04229CBDF24CFA8C8447AEBBB0FB44305F25816AD856BB2C0D7785A86DF44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00406247, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E00406247() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M0040684B))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4)); // executed
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00406846
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x00406021
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fb6
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd0
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe5
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff5
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406000
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062d8
                                                                                                                                                                                0x004062db
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062ba
                                                                                                                                                                                0x004062bd
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630a
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406373
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063b9
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406069
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060a9
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060dc
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060e5
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406142
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616d
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406172
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406206
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406231
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x00406236
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e0
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e5
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e8
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f2
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f5
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066fc
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406705
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406777
                                                                                                                                                                                0x0040677c
                                                                                                                                                                                0x0040677d
                                                                                                                                                                                0x0040677f
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406696
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671c
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406722
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406734
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x00406756
                                                                                                                                                                                0x00406759
                                                                                                                                                                                0x0040675d
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406741
                                                                                                                                                                                0x00406746
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x00406766
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x00406328
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040624b

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ab0e96aa9de7783a5fbfa8537471c17f47562fab6ccc56c1d015952012775d3a
                                                                                                                                                                                • Instruction ID: 47c5cb8fc101d284839cddc633a7ca9263ac2e2456f843b1234a04abf02d33d1
                                                                                                                                                                                • Opcode Fuzzy Hash: ab0e96aa9de7783a5fbfa8537471c17f47562fab6ccc56c1d015952012775d3a
                                                                                                                                                                                • Instruction Fuzzy Hash: 0C713371D00229CBDF28CFA8C844BADBBF1FB44305F15806AD816BB281D7785A86DF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00406365, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E00406365() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4)); // executed
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063b9
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00406846
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x00406021
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fb6
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd0
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe5
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff5
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406000
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406276
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627c
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406282
                                                                                                                                                                                0x00406284
                                                                                                                                                                                0x0040628b
                                                                                                                                                                                0x0040628c
                                                                                                                                                                                0x0040628e
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406294
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406250
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x0040625d
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062d8
                                                                                                                                                                                0x004062db
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062ba
                                                                                                                                                                                0x004062bd
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630a
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406069
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060a9
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060dc
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060e5
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406142
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616d
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406172
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406206
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406231
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x00406236
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e0
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e5
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e8
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f2
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f5
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066fc
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406705
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406777
                                                                                                                                                                                0x0040677c
                                                                                                                                                                                0x0040677d
                                                                                                                                                                                0x0040677f
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406696
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671c
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406722
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406734
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x00406756
                                                                                                                                                                                0x00406759
                                                                                                                                                                                0x0040675d
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406741
                                                                                                                                                                                0x00406746
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x00406766
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x00406328
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406369

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 204a14aa4723f8bacec733d7555320540fe203445ac57d520a52ca53e11fdb0c
                                                                                                                                                                                • Instruction ID: aa40489b15165fca9e2d73c9723ecf3d5b4a768092768a0400057c9dc9ec6b69
                                                                                                                                                                                • Opcode Fuzzy Hash: 204a14aa4723f8bacec733d7555320540fe203445ac57d520a52ca53e11fdb0c
                                                                                                                                                                                • Instruction Fuzzy Hash: F6714471D04229CFDF28CF98C844BAEBBB1FB44305F25816AD816BB281D7785A86DF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004062B1, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                			E004062B1() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b1
                                                                                                                                                                                0x004062b5
                                                                                                                                                                                0x004062de
                                                                                                                                                                                0x004062e8
                                                                                                                                                                                0x004062b7
                                                                                                                                                                                0x004062c0
                                                                                                                                                                                0x004062cd
                                                                                                                                                                                0x004062d0
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406665
                                                                                                                                                                                0x00406669
                                                                                                                                                                                0x00406818
                                                                                                                                                                                0x0040682e
                                                                                                                                                                                0x00406836
                                                                                                                                                                                0x0040683d
                                                                                                                                                                                0x0040683f
                                                                                                                                                                                0x00406846
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x0040684a
                                                                                                                                                                                0x00406675
                                                                                                                                                                                0x0040667c
                                                                                                                                                                                0x00406684
                                                                                                                                                                                0x00406687
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x0040668a
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e2c
                                                                                                                                                                                0x00405e35
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e46
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e4f
                                                                                                                                                                                0x00405e52
                                                                                                                                                                                0x00405e55
                                                                                                                                                                                0x00405e59
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e5f
                                                                                                                                                                                0x00405e62
                                                                                                                                                                                0x00405e64
                                                                                                                                                                                0x00405e65
                                                                                                                                                                                0x00405e68
                                                                                                                                                                                0x00405e6a
                                                                                                                                                                                0x00405e6b
                                                                                                                                                                                0x00405e6d
                                                                                                                                                                                0x00405e70
                                                                                                                                                                                0x00405e75
                                                                                                                                                                                0x00405e7a
                                                                                                                                                                                0x00405e83
                                                                                                                                                                                0x00405e96
                                                                                                                                                                                0x00405e99
                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                0x00405ecd
                                                                                                                                                                                0x00405ecf
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405edd
                                                                                                                                                                                0x00405ee1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405ed4
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00405ed5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ed1
                                                                                                                                                                                0x00405eab
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb0
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ec1
                                                                                                                                                                                0x00405ec4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405eca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405ee7
                                                                                                                                                                                0x00405eeb
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406797
                                                                                                                                                                                0x00405ef4
                                                                                                                                                                                0x00405f04
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0a
                                                                                                                                                                                0x00405f0d
                                                                                                                                                                                0x00405f11
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f13
                                                                                                                                                                                0x00405f19
                                                                                                                                                                                0x00405f43
                                                                                                                                                                                0x00405f49
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f50
                                                                                                                                                                                0x00405f1f
                                                                                                                                                                                0x00405f22
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f27
                                                                                                                                                                                0x00405f32
                                                                                                                                                                                0x00405f3a
                                                                                                                                                                                0x00405f3d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f82
                                                                                                                                                                                0x00405f88
                                                                                                                                                                                0x00405f8b
                                                                                                                                                                                0x00405f98
                                                                                                                                                                                0x00405fa0
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f57
                                                                                                                                                                                0x00405f5b
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067a6
                                                                                                                                                                                0x00405f67
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f72
                                                                                                                                                                                0x00405f75
                                                                                                                                                                                0x00405f78
                                                                                                                                                                                0x00405f7b
                                                                                                                                                                                0x00405f80
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x0040661d
                                                                                                                                                                                0x00406623
                                                                                                                                                                                0x00406629
                                                                                                                                                                                0x00406643
                                                                                                                                                                                0x00406646
                                                                                                                                                                                0x0040664c
                                                                                                                                                                                0x00406657
                                                                                                                                                                                0x00406659
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040662b
                                                                                                                                                                                0x0040663a
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x0040663e
                                                                                                                                                                                0x00406663
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405fa8
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fad
                                                                                                                                                                                0x0040601e
                                                                                                                                                                                0x00406021
                                                                                                                                                                                0x00406024
                                                                                                                                                                                0x0040602b
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00405faf
                                                                                                                                                                                0x00405fb3
                                                                                                                                                                                0x00405fb6
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbb
                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                0x00405fc0
                                                                                                                                                                                0x00405fc3
                                                                                                                                                                                0x00405fc5
                                                                                                                                                                                0x00405fca
                                                                                                                                                                                0x00405fcd
                                                                                                                                                                                0x00405fd0
                                                                                                                                                                                0x00405fd4
                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                0x00405fde
                                                                                                                                                                                0x00405fe5
                                                                                                                                                                                0x00405fe9
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405feb
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                0x00405ff5
                                                                                                                                                                                0x00405ff8
                                                                                                                                                                                0x00406016
                                                                                                                                                                                0x00406018
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffa
                                                                                                                                                                                0x00405ffd
                                                                                                                                                                                0x00406000
                                                                                                                                                                                0x00406003
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406005
                                                                                                                                                                                0x00406008
                                                                                                                                                                                0x0040600b
                                                                                                                                                                                0x0040600d
                                                                                                                                                                                0x0040600e
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406011
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406247
                                                                                                                                                                                0x0040624b
                                                                                                                                                                                0x00406269
                                                                                                                                                                                0x0040626c
                                                                                                                                                                                0x00406273
                                                                                                                                                                                0x00406276
                                                                                                                                                                                0x00406279
                                                                                                                                                                                0x0040627c
                                                                                                                                                                                0x0040627f
                                                                                                                                                                                0x00406282
                                                                                                                                                                                0x00406284
                                                                                                                                                                                0x0040628b
                                                                                                                                                                                0x0040628c
                                                                                                                                                                                0x0040628e
                                                                                                                                                                                0x00406291
                                                                                                                                                                                0x00406294
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x00406297
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629c
                                                                                                                                                                                0x0040624d
                                                                                                                                                                                0x00406250
                                                                                                                                                                                0x00406253
                                                                                                                                                                                0x0040625d
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062f4
                                                                                                                                                                                0x004062f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004062fe
                                                                                                                                                                                0x00406302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406308
                                                                                                                                                                                0x0040630a
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x0040630e
                                                                                                                                                                                0x00406311
                                                                                                                                                                                0x00406315
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406365
                                                                                                                                                                                0x00406369
                                                                                                                                                                                0x00406370
                                                                                                                                                                                0x00406373
                                                                                                                                                                                0x00406376
                                                                                                                                                                                0x00406380
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x0040636b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040638c
                                                                                                                                                                                0x00406390
                                                                                                                                                                                0x00406397
                                                                                                                                                                                0x0040639a
                                                                                                                                                                                0x0040639d
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x00406392
                                                                                                                                                                                0x004063a0
                                                                                                                                                                                0x004063a3
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a6
                                                                                                                                                                                0x004063a9
                                                                                                                                                                                0x004063ac
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063af
                                                                                                                                                                                0x004063b2
                                                                                                                                                                                0x004063b9
                                                                                                                                                                                0x004063be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x0040644c
                                                                                                                                                                                0x00406450
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ee
                                                                                                                                                                                0x00406456
                                                                                                                                                                                0x00406459
                                                                                                                                                                                0x0040645c
                                                                                                                                                                                0x00406460
                                                                                                                                                                                0x00406463
                                                                                                                                                                                0x00406469
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646b
                                                                                                                                                                                0x0040646e
                                                                                                                                                                                0x00406471
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00406045
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067b2
                                                                                                                                                                                0x0040604b
                                                                                                                                                                                0x0040604e
                                                                                                                                                                                0x00406051
                                                                                                                                                                                0x00406055
                                                                                                                                                                                0x00406058
                                                                                                                                                                                0x0040605e
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406060
                                                                                                                                                                                0x00406063
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406066
                                                                                                                                                                                0x00406069
                                                                                                                                                                                0x0040606c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406072
                                                                                                                                                                                0x00406078
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x0040607e
                                                                                                                                                                                0x00406082
                                                                                                                                                                                0x00406085
                                                                                                                                                                                0x00406088
                                                                                                                                                                                0x0040608b
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040608f
                                                                                                                                                                                0x00406092
                                                                                                                                                                                0x00406094
                                                                                                                                                                                0x0040609a
                                                                                                                                                                                0x0040609d
                                                                                                                                                                                0x004060a0
                                                                                                                                                                                0x004060a3
                                                                                                                                                                                0x004060a6
                                                                                                                                                                                0x004060a9
                                                                                                                                                                                0x004060ac
                                                                                                                                                                                0x004060c8
                                                                                                                                                                                0x004060cb
                                                                                                                                                                                0x004060ce
                                                                                                                                                                                0x004060d1
                                                                                                                                                                                0x004060d8
                                                                                                                                                                                0x004060dc
                                                                                                                                                                                0x004060de
                                                                                                                                                                                0x004060e2
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060ae
                                                                                                                                                                                0x004060b2
                                                                                                                                                                                0x004060ba
                                                                                                                                                                                0x004060bf
                                                                                                                                                                                0x004060c1
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060c3
                                                                                                                                                                                0x004060e5
                                                                                                                                                                                0x004060ec
                                                                                                                                                                                0x004060ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fa
                                                                                                                                                                                0x004060fe
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067be
                                                                                                                                                                                0x00406104
                                                                                                                                                                                0x00406107
                                                                                                                                                                                0x0040610a
                                                                                                                                                                                0x0040610e
                                                                                                                                                                                0x00406111
                                                                                                                                                                                0x00406117
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x00406119
                                                                                                                                                                                0x0040611c
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x0040611f
                                                                                                                                                                                0x00406125
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406127
                                                                                                                                                                                0x0040612a
                                                                                                                                                                                0x0040612d
                                                                                                                                                                                0x00406130
                                                                                                                                                                                0x00406133
                                                                                                                                                                                0x00406136
                                                                                                                                                                                0x00406139
                                                                                                                                                                                0x0040613c
                                                                                                                                                                                0x0040613f
                                                                                                                                                                                0x00406142
                                                                                                                                                                                0x00406145
                                                                                                                                                                                0x0040615d
                                                                                                                                                                                0x00406160
                                                                                                                                                                                0x00406163
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406166
                                                                                                                                                                                0x00406169
                                                                                                                                                                                0x0040616d
                                                                                                                                                                                0x0040616f
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x00406147
                                                                                                                                                                                0x0040614f
                                                                                                                                                                                0x00406154
                                                                                                                                                                                0x00406156
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406158
                                                                                                                                                                                0x00406172
                                                                                                                                                                                0x00406179
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040617e
                                                                                                                                                                                0x0040617c
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00406183
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061be
                                                                                                                                                                                0x004061c2
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067ca
                                                                                                                                                                                0x004061c8
                                                                                                                                                                                0x004061cb
                                                                                                                                                                                0x004061ce
                                                                                                                                                                                0x004061d2
                                                                                                                                                                                0x004061d5
                                                                                                                                                                                0x004061db
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061dd
                                                                                                                                                                                0x004061e0
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e3
                                                                                                                                                                                0x004061e9
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x00406187
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618a
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061eb
                                                                                                                                                                                0x004061ee
                                                                                                                                                                                0x004061f1
                                                                                                                                                                                0x004061f4
                                                                                                                                                                                0x004061f7
                                                                                                                                                                                0x004061fa
                                                                                                                                                                                0x004061fd
                                                                                                                                                                                0x00406200
                                                                                                                                                                                0x00406203
                                                                                                                                                                                0x00406206
                                                                                                                                                                                0x00406209
                                                                                                                                                                                0x00406221
                                                                                                                                                                                0x00406224
                                                                                                                                                                                0x00406227
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622a
                                                                                                                                                                                0x0040622d
                                                                                                                                                                                0x00406231
                                                                                                                                                                                0x00406233
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x0040620b
                                                                                                                                                                                0x00406213
                                                                                                                                                                                0x00406218
                                                                                                                                                                                0x0040621a
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x0040621c
                                                                                                                                                                                0x00406236
                                                                                                                                                                                0x0040623d
                                                                                                                                                                                0x00406240
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406242
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064cf
                                                                                                                                                                                0x004064d3
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067fa
                                                                                                                                                                                0x004064d9
                                                                                                                                                                                0x004064dc
                                                                                                                                                                                0x004064df
                                                                                                                                                                                0x004064e3
                                                                                                                                                                                0x004064e6
                                                                                                                                                                                0x004064ec
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064ee
                                                                                                                                                                                0x004064f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x0040629f
                                                                                                                                                                                0x004062a2
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065de
                                                                                                                                                                                0x004065e2
                                                                                                                                                                                0x00406604
                                                                                                                                                                                0x00406607
                                                                                                                                                                                0x00406611
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x00406614
                                                                                                                                                                                0x004065e4
                                                                                                                                                                                0x004065e7
                                                                                                                                                                                0x004065eb
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065ee
                                                                                                                                                                                0x004065f1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040669b
                                                                                                                                                                                0x0040669f
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066bd
                                                                                                                                                                                0x004066c4
                                                                                                                                                                                0x004066cb
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d2
                                                                                                                                                                                0x004066a1
                                                                                                                                                                                0x004066a4
                                                                                                                                                                                0x004066a7
                                                                                                                                                                                0x004066aa
                                                                                                                                                                                0x004066b1
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f5
                                                                                                                                                                                0x004065f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040678c
                                                                                                                                                                                0x0040678f
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063c6
                                                                                                                                                                                0x004063c8
                                                                                                                                                                                0x004063cf
                                                                                                                                                                                0x004063d0
                                                                                                                                                                                0x004063d2
                                                                                                                                                                                0x004063d5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004063dd
                                                                                                                                                                                0x004063e0
                                                                                                                                                                                0x004063e3
                                                                                                                                                                                0x004063e5
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e7
                                                                                                                                                                                0x004063e8
                                                                                                                                                                                0x004063eb
                                                                                                                                                                                0x004063f2
                                                                                                                                                                                0x004063f5
                                                                                                                                                                                0x00406403
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066d9
                                                                                                                                                                                0x004066dc
                                                                                                                                                                                0x004066e3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066e8
                                                                                                                                                                                0x004066ec
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406824
                                                                                                                                                                                0x004066f2
                                                                                                                                                                                0x004066f5
                                                                                                                                                                                0x004066f8
                                                                                                                                                                                0x004066fc
                                                                                                                                                                                0x004066ff
                                                                                                                                                                                0x00406705
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x00406707
                                                                                                                                                                                0x0040670a
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x0040670d
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406710
                                                                                                                                                                                0x00406714
                                                                                                                                                                                0x00406774
                                                                                                                                                                                0x00406777
                                                                                                                                                                                0x0040677c
                                                                                                                                                                                0x0040677d
                                                                                                                                                                                0x0040677f
                                                                                                                                                                                0x00406781
                                                                                                                                                                                0x00406784
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406696
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406716
                                                                                                                                                                                0x0040671c
                                                                                                                                                                                0x0040671f
                                                                                                                                                                                0x00406722
                                                                                                                                                                                0x00406725
                                                                                                                                                                                0x00406728
                                                                                                                                                                                0x0040672b
                                                                                                                                                                                0x0040672e
                                                                                                                                                                                0x00406731
                                                                                                                                                                                0x00406734
                                                                                                                                                                                0x00406737
                                                                                                                                                                                0x00406750
                                                                                                                                                                                0x00406753
                                                                                                                                                                                0x00406756
                                                                                                                                                                                0x00406759
                                                                                                                                                                                0x0040675d
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x0040675f
                                                                                                                                                                                0x00406760
                                                                                                                                                                                0x00406763
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406739
                                                                                                                                                                                0x00406741
                                                                                                                                                                                0x00406746
                                                                                                                                                                                0x00406748
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x0040674b
                                                                                                                                                                                0x00406766
                                                                                                                                                                                0x0040676d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040676f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040640b
                                                                                                                                                                                0x0040640e
                                                                                                                                                                                0x00406444
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406574
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x00406577
                                                                                                                                                                                0x0040657a
                                                                                                                                                                                0x0040657c
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406806
                                                                                                                                                                                0x00406582
                                                                                                                                                                                0x00406585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040658b
                                                                                                                                                                                0x0040658f
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406592
                                                                                                                                                                                0x00406410
                                                                                                                                                                                0x00406412
                                                                                                                                                                                0x00406414
                                                                                                                                                                                0x00406416
                                                                                                                                                                                0x00406419
                                                                                                                                                                                0x0040641a
                                                                                                                                                                                0x0040641c
                                                                                                                                                                                0x0040641e
                                                                                                                                                                                0x00406421
                                                                                                                                                                                0x00406424
                                                                                                                                                                                0x0040643a
                                                                                                                                                                                0x0040643f
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x00406477
                                                                                                                                                                                0x0040647b
                                                                                                                                                                                0x004064a7
                                                                                                                                                                                0x004064a9
                                                                                                                                                                                0x004064b0
                                                                                                                                                                                0x004064b3
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064b6
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bb
                                                                                                                                                                                0x004064bd
                                                                                                                                                                                0x004064c0
                                                                                                                                                                                0x004064c7
                                                                                                                                                                                0x004064ca
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064f7
                                                                                                                                                                                0x004064fa
                                                                                                                                                                                0x004064fd
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406571
                                                                                                                                                                                0x004064ff
                                                                                                                                                                                0x00406505
                                                                                                                                                                                0x00406508
                                                                                                                                                                                0x0040650b
                                                                                                                                                                                0x0040650e
                                                                                                                                                                                0x00406511
                                                                                                                                                                                0x00406514
                                                                                                                                                                                0x00406517
                                                                                                                                                                                0x0040651a
                                                                                                                                                                                0x0040651d
                                                                                                                                                                                0x00406520
                                                                                                                                                                                0x00406539
                                                                                                                                                                                0x0040653b
                                                                                                                                                                                0x0040653e
                                                                                                                                                                                0x0040653f
                                                                                                                                                                                0x00406542
                                                                                                                                                                                0x00406544
                                                                                                                                                                                0x00406547
                                                                                                                                                                                0x00406549
                                                                                                                                                                                0x0040654b
                                                                                                                                                                                0x0040654e
                                                                                                                                                                                0x00406550
                                                                                                                                                                                0x00406553
                                                                                                                                                                                0x00406557
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x00406559
                                                                                                                                                                                0x0040655a
                                                                                                                                                                                0x0040655d
                                                                                                                                                                                0x00406560
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x00406522
                                                                                                                                                                                0x0040652a
                                                                                                                                                                                0x0040652f
                                                                                                                                                                                0x00406531
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406534
                                                                                                                                                                                0x00406563
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x004064f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040656c
                                                                                                                                                                                0x0040656a
                                                                                                                                                                                0x0040647d
                                                                                                                                                                                0x00406480
                                                                                                                                                                                0x00406482
                                                                                                                                                                                0x00406485
                                                                                                                                                                                0x00406488
                                                                                                                                                                                0x0040648b
                                                                                                                                                                                0x0040648d
                                                                                                                                                                                0x00406490
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406493
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406496
                                                                                                                                                                                0x00406499
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00406474
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004064a2
                                                                                                                                                                                0x004064a0
                                                                                                                                                                                0x00406426
                                                                                                                                                                                0x00406429
                                                                                                                                                                                0x0040642b
                                                                                                                                                                                0x0040642e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x0040618d
                                                                                                                                                                                0x00406191
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067d6
                                                                                                                                                                                0x00406197
                                                                                                                                                                                0x0040619a
                                                                                                                                                                                0x0040619d
                                                                                                                                                                                0x004061a0
                                                                                                                                                                                0x004061a3
                                                                                                                                                                                0x004061a6
                                                                                                                                                                                0x004061a9
                                                                                                                                                                                0x004061ab
                                                                                                                                                                                0x004061ae
                                                                                                                                                                                0x004061b1
                                                                                                                                                                                0x004061b4
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x004061b6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x00406318
                                                                                                                                                                                0x0040631c
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004067e2
                                                                                                                                                                                0x00406322
                                                                                                                                                                                0x00406325
                                                                                                                                                                                0x00406328
                                                                                                                                                                                0x0040632b
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x0040632d
                                                                                                                                                                                0x00406330
                                                                                                                                                                                0x00406333
                                                                                                                                                                                0x00406336
                                                                                                                                                                                0x00406339
                                                                                                                                                                                0x0040633c
                                                                                                                                                                                0x0040633f
                                                                                                                                                                                0x00406340
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406342
                                                                                                                                                                                0x00406345
                                                                                                                                                                                0x00406348
                                                                                                                                                                                0x0040634b
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x0040634e
                                                                                                                                                                                0x00406351
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00406353
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406595
                                                                                                                                                                                0x00406599
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040659f
                                                                                                                                                                                0x004065a2
                                                                                                                                                                                0x004065a5
                                                                                                                                                                                0x004065a8
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065aa
                                                                                                                                                                                0x004065ad
                                                                                                                                                                                0x004065b0
                                                                                                                                                                                0x004065b3
                                                                                                                                                                                0x004065b6
                                                                                                                                                                                0x004065b9
                                                                                                                                                                                0x004065bc
                                                                                                                                                                                0x004065bd
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065bf
                                                                                                                                                                                0x004065c2
                                                                                                                                                                                0x004065c5
                                                                                                                                                                                0x004065c8
                                                                                                                                                                                0x004065cb
                                                                                                                                                                                0x004065ce
                                                                                                                                                                                0x004065d2
                                                                                                                                                                                0x004065d4
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004065d9
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406356
                                                                                                                                                                                0x004065d7
                                                                                                                                                                                0x0040680c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405e3b
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00406843
                                                                                                                                                                                0x00406690
                                                                                                                                                                                0x00406617
                                                                                                                                                                                0x00406614

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: be6e9d30e93fbb49eb3c361b8f1c94b7932ac8d56391751c3e2361f0828e0a06
                                                                                                                                                                                • Instruction ID: f7c6f07f586ed293a1c67bf574783cb577a0acbc2814a7f5ecfd539a56c9ebac
                                                                                                                                                                                • Opcode Fuzzy Hash: be6e9d30e93fbb49eb3c361b8f1c94b7932ac8d56391751c3e2361f0828e0a06
                                                                                                                                                                                • Instruction Fuzzy Hash: AF715671D00229CBDF28CF98C844BADBBB1FF44305F15816AD816BB281C7785A46DF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401B06, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                                                			E00401B06(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
				_t30 =  *0x40af50; // 0x0
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E004059FF(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
						_t11 =  *0x40af50; // 0x0
						 *_t34 = _t11;
						 *0x40af50 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x4
							E004059DD(_t33, _t2);
							_push(_t30);
							 *0x40af50 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E004059DD(0x409b50, _t30 + 4);
								_t21 =  *0x40af50; // 0x0
								E004059DD(_t32, _t21 + 4);
								_t24 =  *0x40af50; // 0x0
								_push(0x409b50);
								_push(_t24 + 4);
								E004059DD();
								L15:
								 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E004059FF(_t27, _t30, _t33, _t27, 0xffffffe8));
					E0040529E();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                                                                                                                                                                0x00401b06
                                                                                                                                                                                0x00401b06
                                                                                                                                                                                0x00401b09
                                                                                                                                                                                0x00401b11
                                                                                                                                                                                0x00401b59
                                                                                                                                                                                0x00401b87
                                                                                                                                                                                0x00401b90
                                                                                                                                                                                0x00401b92
                                                                                                                                                                                0x00401b96
                                                                                                                                                                                0x00401b9b
                                                                                                                                                                                0x00401ba0
                                                                                                                                                                                0x00401ba2
                                                                                                                                                                                0x00401b5b
                                                                                                                                                                                0x00401b5d
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x00401b63
                                                                                                                                                                                0x00401b63
                                                                                                                                                                                0x00401b68
                                                                                                                                                                                0x00401b6f
                                                                                                                                                                                0x00401b70
                                                                                                                                                                                0x00401b75
                                                                                                                                                                                0x00401b75
                                                                                                                                                                                0x00401b5d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401b13
                                                                                                                                                                                0x00401b13
                                                                                                                                                                                0x00401b13
                                                                                                                                                                                0x00401b16
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401b1c
                                                                                                                                                                                0x00401b20
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401b22
                                                                                                                                                                                0x00401b24
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401b2a
                                                                                                                                                                                0x00401b2a
                                                                                                                                                                                0x00401b34
                                                                                                                                                                                0x00401b39
                                                                                                                                                                                0x00401b43
                                                                                                                                                                                0x00401b48
                                                                                                                                                                                0x00401b4d
                                                                                                                                                                                0x00401b51
                                                                                                                                                                                0x004027b1
                                                                                                                                                                                0x0040288b
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x00402894
                                                                                                                                                                                0x00402894
                                                                                                                                                                                0x00401b24
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401b20
                                                                                                                                                                                0x004021fb
                                                                                                                                                                                0x00402208
                                                                                                                                                                                0x00402209
                                                                                                                                                                                0x0040220e
                                                                                                                                                                                0x0040220e
                                                                                                                                                                                0x00402896
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00401B75
                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                                                                • String ID: show
                                                                                                                                                                                • API String ID: 3394109436-839833857
                                                                                                                                                                                • Opcode ID: 0c325e54f346298ce71c2e49e0b07d342970ac7a60d073ea7525efb906efe417
                                                                                                                                                                                • Instruction ID: dedcc356a049729cc32aa0533657a7b943fc31f5ec42b7739970f76d43a2a4df
                                                                                                                                                                                • Opcode Fuzzy Hash: 0c325e54f346298ce71c2e49e0b07d342970ac7a60d073ea7525efb906efe417
                                                                                                                                                                                • Instruction Fuzzy Hash: D221A8B2604202DBD710FBA4DE8595F73A4FB44328724453BF606F32D0EB78A8119B6E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401E1B, Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E00401E1B() {
				void* _t15;
				void* _t24;
				void* _t26;
				void* _t31;

				_t28 = E004029F6(_t24);
				E00404D7B(0xffffffeb, _t13); // executed
				_t15 = E0040523D(_t28); // executed
				 *(_t31 + 8) = _t15;
				if(_t15 == _t24) {
					 *((intOrPtr*)(_t31 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
							E00405D38(0xf);
						}
						GetExitCodeProcess( *(_t31 + 8), _t31 - 8); // executed
						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
							if( *(_t31 - 8) != _t24) {
								 *((intOrPtr*)(_t31 - 4)) = 1;
							}
						} else {
							E0040593B(_t26,  *(_t31 - 8));
						}
					}
					_push( *(_t31 + 8));
					CloseHandle();
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t31 - 4));
				return 0;
			}







                                                                                                                                                                                0x00401e21
                                                                                                                                                                                0x00401e26
                                                                                                                                                                                0x00401e2c
                                                                                                                                                                                0x00401e33
                                                                                                                                                                                0x00401e36
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x00401e3c
                                                                                                                                                                                0x00401e3f
                                                                                                                                                                                0x00401e50
                                                                                                                                                                                0x00401e4b
                                                                                                                                                                                0x00401e4b
                                                                                                                                                                                0x00401e65
                                                                                                                                                                                0x00401e6e
                                                                                                                                                                                0x00401e7e
                                                                                                                                                                                0x00401e80
                                                                                                                                                                                0x00401e80
                                                                                                                                                                                0x00401e70
                                                                                                                                                                                0x00401e74
                                                                                                                                                                                0x00401e74
                                                                                                                                                                                0x00401e6e
                                                                                                                                                                                0x00401e87
                                                                                                                                                                                0x00401e8a
                                                                                                                                                                                0x00401e8a
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                                                                                  • Part of subcall function 00404D7B: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00402F8B,00402F8B,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,00000000,004ED7FE,00000000), ref: 00404DD7
                                                                                                                                                                                  • Part of subcall function 00404D7B: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\), ref: 00404DE9
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E0F
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E29
                                                                                                                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E37
                                                                                                                                                                                  • Part of subcall function 0040523D: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422480,Error launching installer), ref: 00405262
                                                                                                                                                                                  • Part of subcall function 0040523D: CloseHandle.KERNEL32(?), ref: 0040526F
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 00401E65
                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3521207402-0
                                                                                                                                                                                • Opcode ID: 7b5ea6098163a721225316e6cb59af18a26e7111e3aadd83b40fd5b5fc9d02e7
                                                                                                                                                                                • Instruction ID: e59f33a83564baa95368ed7ffa3d517a66a6b48d9bc55f4210568fb4246de59a
                                                                                                                                                                                • Opcode Fuzzy Hash: 7b5ea6098163a721225316e6cb59af18a26e7111e3aadd83b40fd5b5fc9d02e7
                                                                                                                                                                                • Instruction Fuzzy Hash: DB018071D04114EBCF11AFA1CD8599E7A75EF00348F20803BFA05B51E1C3794A81DB9A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004058C4, Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                			E004058C4(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
				long _t20;
				long _t23;
				long _t24;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x400;
					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x3ff] = 0;
					_t24 = RegCloseKey(_a20); // executed
					return _t24;
				}
				return _t20;
			}







                                                                                                                                                                                0x004058d4
                                                                                                                                                                                0x004058d6
                                                                                                                                                                                0x004058e3
                                                                                                                                                                                0x004058ed
                                                                                                                                                                                0x004058f5
                                                                                                                                                                                0x004058fa
                                                                                                                                                                                0x0040590e
                                                                                                                                                                                0x00405916
                                                                                                                                                                                0x00405924
                                                                                                                                                                                0x00405924
                                                                                                                                                                                0x00405929
                                                                                                                                                                                0x0040592f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040592f
                                                                                                                                                                                0x00405938

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,00405B00,00000000,00000002,?,00000002,00054D3D,?,00405B00,80000002,Software\Microsoft\Windows\CurrentVersion,00054D3D,Remove folder: ,00478BF5), ref: 004058ED
                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(00054D3D,?,00000000,00405B00,00054D3D,00405B00), ref: 0040590E
                                                                                                                                                                                • RegCloseKey.KERNELBASE(?), ref: 0040592F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                • Opcode ID: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                                                                • Instruction ID: 4090c2ea748c6a1ef83dea1f090ecbfc83cda06d8c091eb14dd66de5cad0d057
                                                                                                                                                                                • Opcode Fuzzy Hash: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                                                                • Instruction Fuzzy Hash: DA0156B144020EEFDF228F64EC48AEB3FACEF143A4F004436F944A6220D235D964DBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402427, Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E00402427(int* __ebx, char* __esi) {
				int _t8;
				long _t11;
				int* _t14;
				void* _t18;
				char* _t20;
				void* _t22;
				void* _t25;

				_t20 = __esi;
				_t14 = __ebx;
				_t18 = E00402B00(_t25, 0x20019);
				_t8 = E004029D9(3);
				 *__esi = __ebx;
				if(_t18 == __ebx) {
					L7:
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					 *(_t22 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t22 - 0x14)) == __ebx) {
						_t11 = RegEnumValueA(_t18, _t8, __esi, _t22 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t11;
						if(_t11 != 0) {
							goto L7;
						} else {
							goto L4;
						}
					} else {
						RegEnumKeyA(_t18, _t8, __esi, 0x3ff);
						L4:
						_t20[0x3ff] = _t14;
						_push(_t18); // executed
						RegCloseKey(); // executed
					}
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}










                                                                                                                                                                                0x00402427
                                                                                                                                                                                0x00402427
                                                                                                                                                                                0x00402433
                                                                                                                                                                                0x00402435
                                                                                                                                                                                0x0040243c
                                                                                                                                                                                0x0040243e
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x00402444
                                                                                                                                                                                0x0040244c
                                                                                                                                                                                0x0040244f
                                                                                                                                                                                0x00402468
                                                                                                                                                                                0x0040246e
                                                                                                                                                                                0x00402470
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402451
                                                                                                                                                                                0x00402455
                                                                                                                                                                                0x00402476
                                                                                                                                                                                0x00402476
                                                                                                                                                                                0x0040247c
                                                                                                                                                                                0x0040247d
                                                                                                                                                                                0x0040247d
                                                                                                                                                                                0x0040244f
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402455
                                                                                                                                                                                • RegEnumValueA.ADVAPI32 ref: 00402468
                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Enum$CloseOpenValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 167947723-0
                                                                                                                                                                                • Opcode ID: e2f80b80baa03604ef96cc0b5eb0a812df5ce76e2325c321a32b65c77b87080a
                                                                                                                                                                                • Instruction ID: 323df63ddd6a9f09ec1088b6260a8986ee2a6ccff1f267de23e4284cd7b62ed6
                                                                                                                                                                                • Opcode Fuzzy Hash: e2f80b80baa03604ef96cc0b5eb0a812df5ce76e2325c321a32b65c77b87080a
                                                                                                                                                                                • Instruction Fuzzy Hash: 2BF0A271A04201EFE715AF659E88EBB7A6CDB40388F10843FF406A61C0D2B85D42967A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402267, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00402267(char __ebx) {
				CHAR* _t8;
				CHAR* _t10;
				CHAR* _t20;
				void* _t22;
				void* _t25;

				 *(_t22 + 8) = 0x7e4e21;
				_t8 = E004029F6(1);
				 *(_t22 - 0x30) = E004029F6(0x12);
				_t10 = E004029F6(0xffffffdd);
				_t3 = _t22 + 8; // 0x7e4e21
				GetPrivateProfileStringA(_t8,  *(_t22 - 0x30), _t3, _t20, 0x3ff, _t10); // executed
				_t25 =  *_t20 -  *(_t22 + 8);
				if(_t25 == 0) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
					 *_t20 = __ebx;
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}








                                                                                                                                                                                0x00402269
                                                                                                                                                                                0x00402270
                                                                                                                                                                                0x00402280
                                                                                                                                                                                0x00402283
                                                                                                                                                                                0x0040228e
                                                                                                                                                                                0x00402297
                                                                                                                                                                                0x0040229f
                                                                                                                                                                                0x00401716
                                                                                                                                                                                0x00402630
                                                                                                                                                                                0x00402637
                                                                                                                                                                                0x00402637
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetPrivateProfileStringA.KERNEL32(00000000,?,!N~,?,000003FF,00000000), ref: 00402297
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileString
                                                                                                                                                                                • String ID: !N~
                                                                                                                                                                                • API String ID: 1096422788-529124213
                                                                                                                                                                                • Opcode ID: 83959307df37686c86d75e4de7286cd2fa4b3ebc5ce89ae33a3a58613c6f73fc
                                                                                                                                                                                • Instruction ID: 21cd7503a9a85725414fd2f210def48a3ed87e9b9f52c0cacc02f36f79452d1c
                                                                                                                                                                                • Opcode Fuzzy Hash: 83959307df37686c86d75e4de7286cd2fa4b3ebc5ce89ae33a3a58613c6f73fc
                                                                                                                                                                                • Instruction Fuzzy Hash: E4E04F71900208BBDB50AFA1CD49DAE3AA8BF043C4F100129FA10AB1C1DBB89541AB55
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403D68, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403D68(int _a4) {
				long _t3;

				if(_a4 == 0x78) {
					 *0x42364c =  *0x42364c + 1;
				}
				_t3 = SendMessageA( *0x423e88, 0x408, _a4, 0); // executed
				return _t3;
			}




                                                                                                                                                                                0x00403d6d
                                                                                                                                                                                0x00403d6f
                                                                                                                                                                                0x00403d6f
                                                                                                                                                                                0x00403d86
                                                                                                                                                                                0x00403d8c

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID: x
                                                                                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                                                                                • Opcode ID: 6926c423e0dcef9ab9601c7f0ae131e386b0104a6a9bceae863fc1186920576c
                                                                                                                                                                                • Instruction ID: 94c74e5a5aacbaad69a3bdfcf154c9035d8ded6a0e65b23c0d63679f04543271
                                                                                                                                                                                • Opcode Fuzzy Hash: 6926c423e0dcef9ab9601c7f0ae131e386b0104a6a9bceae863fc1186920576c
                                                                                                                                                                                • Instruction Fuzzy Hash: FBC012B2A84200BBCA206F00EE00F0A7A36EB60B03F10803DF344202B482789622DB1E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004023AF, Relevance: 3.1, APIs: 2, Instructions: 57registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                			E004023AF(int* __ebx, char* __esi) {
				char* _t19;
				void* _t35;
				void* _t39;
				void* _t42;

				_t37 = __esi;
				_t29 = __ebx;
				_t35 = E00402B00(_t42, 0x20019);
				_t19 = E004029F6(0x33);
				 *__esi = __ebx;
				if(_t35 == __ebx) {
					 *(_t39 - 4) = 1;
				} else {
					 *(_t39 - 8) = 0x3ff;
					if(RegQueryValueExA(_t35, _t19, __ebx, _t39 + 8, __esi, _t39 - 8) != 0) {
						L7:
						 *_t37 = _t29;
						 *(_t39 - 4) = 1;
					} else {
						if( *(_t39 + 8) == 4) {
							__eflags =  *(_t39 - 0x14) - __ebx;
							 *(_t39 - 4) = 0 |  *(_t39 - 0x14) == __ebx;
							E0040593B(__esi,  *__esi);
						} else {
							if( *(_t39 + 8) == 1 ||  *(_t39 + 8) == 2) {
								 *(_t39 - 4) =  *(_t39 - 0x14);
								_t37[ *(_t39 - 8)] = _t29;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x423f08 =  *0x423f08 +  *(_t39 - 4);
				return 0;
			}







                                                                                                                                                                                0x004023af
                                                                                                                                                                                0x004023af
                                                                                                                                                                                0x004023bb
                                                                                                                                                                                0x004023bd
                                                                                                                                                                                0x004023c4
                                                                                                                                                                                0x004023c6
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x004023cc
                                                                                                                                                                                0x004023cf
                                                                                                                                                                                0x004023ea
                                                                                                                                                                                0x00402420
                                                                                                                                                                                0x00402420
                                                                                                                                                                                0x00402422
                                                                                                                                                                                0x004023ec
                                                                                                                                                                                0x004023f0
                                                                                                                                                                                0x0040240f
                                                                                                                                                                                0x00402416
                                                                                                                                                                                0x00402419
                                                                                                                                                                                0x004023f2
                                                                                                                                                                                0x004023f5
                                                                                                                                                                                0x00402400
                                                                                                                                                                                0x00402406
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004023f5
                                                                                                                                                                                0x004023f0
                                                                                                                                                                                0x0040247c
                                                                                                                                                                                0x0040247d
                                                                                                                                                                                0x0040247d
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,00000000,?,000003FF,?,?,?,?,00000033), ref: 004023DF
                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                • Opcode ID: 507b692e60eeee5e00a9f3c11261afc4d4aba39ebd03dc0eae597370735b97e4
                                                                                                                                                                                • Instruction ID: 77d51f223b4f01b007ab8b3a7146475204ba0a4990bfb8161fa5a86846697e19
                                                                                                                                                                                • Opcode Fuzzy Hash: 507b692e60eeee5e00a9f3c11261afc4d4aba39ebd03dc0eae597370735b97e4
                                                                                                                                                                                • Instruction Fuzzy Hash: 8611E371901205EFDB15DF64CA889AF7BB4EF14348F20807FE442B72C1D2B88A45EB5A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                                                			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423eb0; // 0x473c8c
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42366c =  *0x42366c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42366c, 0x7530,  *0x423654), 0); // executed
					}
				}
				return 0;
			}












                                                                                                                                                                                0x0040138a
                                                                                                                                                                                0x004013fa
                                                                                                                                                                                0x00401392
                                                                                                                                                                                0x0040139b
                                                                                                                                                                                0x004013a0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004013a2
                                                                                                                                                                                0x004013a3
                                                                                                                                                                                0x004013ad
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401404
                                                                                                                                                                                0x004013b0
                                                                                                                                                                                0x004013b7
                                                                                                                                                                                0x004013bd
                                                                                                                                                                                0x004013be
                                                                                                                                                                                0x004013c0
                                                                                                                                                                                0x004013c2
                                                                                                                                                                                0x004013b9
                                                                                                                                                                                0x004013b9
                                                                                                                                                                                0x004013ba
                                                                                                                                                                                0x004013ba
                                                                                                                                                                                0x004013c9
                                                                                                                                                                                0x004013cb
                                                                                                                                                                                0x004013f4
                                                                                                                                                                                0x004013f4
                                                                                                                                                                                0x004013c9
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                • SendMessageA.USER32 ref: 004013F4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                                                                                                                • Instruction ID: 9357c62ddf9e7b3c824d0b87f8e4bad160879ee2cb8093492041203a2cf1b2c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                                                                                                                • Instruction Fuzzy Hash: A301F431724210ABE7295B389D04B2A36ADF710355F10427BF855F66F1D67CDC028B4D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004022A7, Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004022A7(void* __ebx) {
				char* _t6;
				void* _t11;
				long _t13;
				void* _t15;
				long _t19;
				void* _t22;
				void* _t23;

				_t15 = __ebx;
				_t26 =  *(_t23 - 0x14) - __ebx;
				if( *(_t23 - 0x14) != __ebx) {
					_t6 = E004029F6(0x22);
					_t18 =  *(_t23 - 0x14) & 0x00000002;
					__eflags =  *(_t23 - 0x14) & 0x00000002;
					_t19 = E00402A36(E00402AEB( *((intOrPtr*)(_t23 - 0x20))), _t6, _t18);
					goto L4;
				} else {
					_t11 = E00402B00(_t26, 2); // executed
					_t22 = _t11;
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t13 = RegDeleteValueA(_t22, E004029F6(0x33)); // executed
						_t19 = _t13;
						RegCloseKey(_t22);
						L4:
						if(_t19 != _t15) {
							goto L6;
						}
					}
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}










                                                                                                                                                                                0x004022a7
                                                                                                                                                                                0x004022a7
                                                                                                                                                                                0x004022aa
                                                                                                                                                                                0x004022d9
                                                                                                                                                                                0x004022e1
                                                                                                                                                                                0x004022e1
                                                                                                                                                                                0x004022f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004022ac
                                                                                                                                                                                0x004022ae
                                                                                                                                                                                0x004022b3
                                                                                                                                                                                0x004022b7
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x004022bd
                                                                                                                                                                                0x004022c6
                                                                                                                                                                                0x004022cd
                                                                                                                                                                                0x004022cf
                                                                                                                                                                                0x004022f6
                                                                                                                                                                                0x004022f8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004022fe
                                                                                                                                                                                0x004022f8
                                                                                                                                                                                0x004022b7
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 004022C6
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 004022CF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseDeleteOpenValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 849931509-0
                                                                                                                                                                                • Opcode ID: ee70e0c8ea5e76c5473df7986e6ddf19852834f1384ac6f07000c38f1b823d4b
                                                                                                                                                                                • Instruction ID: c586e56b1d430ee1cb1ae4f59be608967060f6779667f9d5bdce91e390546033
                                                                                                                                                                                • Opcode Fuzzy Hash: ee70e0c8ea5e76c5473df7986e6ddf19852834f1384ac6f07000c38f1b823d4b
                                                                                                                                                                                • Instruction Fuzzy Hash: B9F04472A00211ABDB20BFA49F4DABF7268AB40354F10453BF601B61C1D9B94D42A66D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00404E4D, Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                			E00404E4D(signed int __eax) {
				intOrPtr _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t12;

				_t11 =  *0x423ea8; // 0x471fe4
				_t10 =  *0x423eac; // 0x7
				__imp__OleInitialize(0);
				 *0x423f38 =  *0x423f38 | __eax;
				E00403DDB(0);
				if(_t10 != 0) {
					_t12 = _t11 + 0xc;
					while(1) {
						_t10 = _t10 - 1;
						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
							break;
						}
						_t12 = _t12 + 0x418;
						if(_t10 != 0) {
							continue;
						} else {
						}
						goto L7;
					}
					 *0x423f0c =  *0x423f0c + 1;
				}
				L7:
				E00403DDB(0x404); // executed
				__imp__OleUninitialize();
				_t8 =  *0x423f0c; // 0x0
				return _t8;
			}








                                                                                                                                                                                0x00404e4e
                                                                                                                                                                                0x00404e55
                                                                                                                                                                                0x00404e5d
                                                                                                                                                                                0x00404e63
                                                                                                                                                                                0x00404e6b
                                                                                                                                                                                0x00404e72
                                                                                                                                                                                0x00404e74
                                                                                                                                                                                0x00404e77
                                                                                                                                                                                0x00404e77
                                                                                                                                                                                0x00404e7c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404e8d
                                                                                                                                                                                0x00404e95
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404e97
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00404e95
                                                                                                                                                                                0x00404e99
                                                                                                                                                                                0x00404e99
                                                                                                                                                                                0x00404e9f
                                                                                                                                                                                0x00404ea4
                                                                                                                                                                                0x00404ea9
                                                                                                                                                                                0x00404eaf
                                                                                                                                                                                0x00404eb6

                                                                                                                                                                                APIs
                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00404E5D
                                                                                                                                                                                  • Part of subcall function 00403DDB: SendMessageA.USER32 ref: 00403DED
                                                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 00404EA9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2896919175-0
                                                                                                                                                                                • Opcode ID: a71bf3315524e495bb63ac7db680478635d871b9932b013c5ee158b9648a44a1
                                                                                                                                                                                • Instruction ID: dd00d1d9fa511fdb2abfd92f861b37bc179417f7df103cd37a6f8771cbc5aef0
                                                                                                                                                                                • Opcode Fuzzy Hash: a71bf3315524e495bb63ac7db680478635d871b9932b013c5ee158b9648a44a1
                                                                                                                                                                                • Instruction Fuzzy Hash: D3F0F0B2A00200AAD7201F64ED00B167BB4ABC0316F06003BFF04B62E0D3795802869D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402866, Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00402866(signed int __eax) {
				RECT* _t10;
				signed int _t12;
				void* _t16;

				_t12 =  *0x421478; // 0x1
				SendMessageA( *(_t16 - 0x34), 0xb, _t12 & __eax, _t10); // executed
				if( *((intOrPtr*)(_t16 - 0x24)) != _t10) {
					InvalidateRect( *(_t16 - 0x34), _t10, _t10);
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}






                                                                                                                                                                                0x00402866
                                                                                                                                                                                0x00402875
                                                                                                                                                                                0x0040287e
                                                                                                                                                                                0x00402885
                                                                                                                                                                                0x00402885
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InvalidateMessageRectSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 909852535-0
                                                                                                                                                                                • Opcode ID: 46183b671d0a66796b8da51e49bc5f75bb78f43e79dd776066acc7c5e036528c
                                                                                                                                                                                • Instruction ID: 649a040586aa62cc82974a2302a351b88b3488b792cf185d27debadfb860ecc8
                                                                                                                                                                                • Opcode Fuzzy Hash: 46183b671d0a66796b8da51e49bc5f75bb78f43e79dd776066acc7c5e036528c
                                                                                                                                                                                • Instruction Fuzzy Hash: 34E08C72B00104BFEB10DFA4FE859AE7BBAEB40349B1000BAF201F10A0D2351D00CA28
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401D95, Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                                                • Opcode ID: 180e04144bc7a0d59582f7e45b03d1942a0b442326c071ed28d9fde4447ebb30
                                                                                                                                                                                • Instruction ID: 6b7a785092ec91fc8b74b141f8716fcdbeee11c7e0160613a2a2c5ad315415b5
                                                                                                                                                                                • Opcode Fuzzy Hash: 180e04144bc7a0d59582f7e45b03d1942a0b442326c071ed28d9fde4447ebb30
                                                                                                                                                                                • Instruction Fuzzy Hash: 96E0C272F08210DBD710FBB4AE899AE3674DB403A9B10453BF503F20C1D2B89C8196EE
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004056B4, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                			E004056B4(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                                                                                0x004056b8
                                                                                                                                                                                0x004056c5
                                                                                                                                                                                0x004056da
                                                                                                                                                                                0x004056e0

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 004056B8
                                                                                                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                • Opcode ID: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                                                                                • Instruction ID: 518821d5ca0a74227a37217cadb520a33af9faec79942caa6648154b48e23ab6
                                                                                                                                                                                • Opcode Fuzzy Hash: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                                                                                • Instruction Fuzzy Hash: DDD09E71658301AFEF098F20DE1AF2E7AA2EB84B01F10962CB646940E0D6715C15DB16
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040344C, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 11COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0040344C() {
				void* _t1;
				void* _t3;
				void* _t5;
				signed int _t7;

				_t1 =  *0x409014; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x409014 =  *0x409014 | 0xffffffff;
					_t7 =  *0x409014;
				}
				E00403491();
				_t3 = E00405302(_t5, _t7, "C:\\Users\\jones\\AppData\\Local\\Temp\\nsoF2A7.tmp\\", 7); // executed
				return _t3;
			}







                                                                                                                                                                                0x0040344c
                                                                                                                                                                                0x00403454
                                                                                                                                                                                0x00403457
                                                                                                                                                                                0x0040345d
                                                                                                                                                                                0x0040345d
                                                                                                                                                                                0x0040345d
                                                                                                                                                                                0x00403464
                                                                                                                                                                                0x00403470
                                                                                                                                                                                0x00403475

                                                                                                                                                                                APIs
                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,004032BC,00000000), ref: 00403457
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\, xrefs: 0040346B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\
                                                                                                                                                                                • API String ID: 2962429428-1527595862
                                                                                                                                                                                • Opcode ID: cd01773061dc76ed6dc42017c9b80e515b0b69eef6637a25064d86b5b90a4b84
                                                                                                                                                                                • Instruction ID: 2202cf36b8f848177cc2ffd66234e305818bf21466fa1b02f98de814e748bada
                                                                                                                                                                                • Opcode Fuzzy Hash: cd01773061dc76ed6dc42017c9b80e515b0b69eef6637a25064d86b5b90a4b84
                                                                                                                                                                                • Instruction Fuzzy Hash: E5C0123060470096D6206F799E4F5063A18574073AB904326F1B5B40F2C77C5901893F
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405695, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405695(CHAR* _a4) {
				signed char _t3;
				int _t5;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
					return _t5;
				}
				return _t3;
			}





                                                                                                                                                                                0x00405699
                                                                                                                                                                                0x004056a2
                                                                                                                                                                                0x004056ab
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004056ab
                                                                                                                                                                                0x004056b1

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,004054A0,?,?,?), ref: 00405699
                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004056AB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                                                                • Instruction ID: 6114cdacef20a61ffb1e354697c2a54f95ff97830a0005cd613603337fba2c3c
                                                                                                                                                                                • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                                                                • Instruction Fuzzy Hash: 72C04CB1808501BBD6015B24DF0D81F7B66EB51321B508F35F56DE00F1C7355CA6DA1A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402223, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00402223(int __eax, CHAR* __ebx) {
				CHAR* _t11;
				void* _t13;
				CHAR* _t14;
				void* _t18;
				int _t22;

				_t11 = __ebx;
				_t5 = __eax;
				_t14 = 0;
				if(__eax != __ebx) {
					__eax = E004029F6(__ebx);
				}
				if(_t13 != _t11) {
					_t14 = E004029F6(0x11);
				}
				if( *((intOrPtr*)(_t18 - 0x14)) != _t11) {
					_t11 = E004029F6(0x22);
				}
				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E004029F6(0xffffffcd)); // executed
				_t22 = _t5;
				if(_t22 == 0) {
					 *((intOrPtr*)(_t18 - 4)) = 1;
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t18 - 4));
				return 0;
			}








                                                                                                                                                                                0x00402223
                                                                                                                                                                                0x00402223
                                                                                                                                                                                0x00402225
                                                                                                                                                                                0x00402229
                                                                                                                                                                                0x0040222c
                                                                                                                                                                                0x00402234
                                                                                                                                                                                0x00402238
                                                                                                                                                                                0x00402241
                                                                                                                                                                                0x00402241
                                                                                                                                                                                0x00402246
                                                                                                                                                                                0x0040224f
                                                                                                                                                                                0x0040224f
                                                                                                                                                                                0x0040225c
                                                                                                                                                                                0x004015a6
                                                                                                                                                                                0x004015a8
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040225C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileStringWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 390214022-0
                                                                                                                                                                                • Opcode ID: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                                                                                                                                                                • Instruction ID: 7f0f3d0bfb11d3a69440f7e30d7772d63b8707f304f836d716d69bda9ce5b450
                                                                                                                                                                                • Opcode Fuzzy Hash: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                                                                                                                                                                • Instruction Fuzzy Hash: 31E04871F002656BDBA07AF14F8D97F115C7B84344F14027EBA15762C6E9BC4D416169
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040304E, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0040304E(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                                                0x00403052
                                                                                                                                                                                0x00403065
                                                                                                                                                                                0x0040306d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403074
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403076

                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EA7,000000FF,00000004,00000000,00000000,00000000), ref: 00403065
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                • Instruction ID: cf04fcf122da41e7499d2f74f705547a68887b1f6d4f421339b8fb166199a16f
                                                                                                                                                                                • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AE08C32901118BBCF205E619C00EAB3B5CEB053A2F00C032FA14E52A0D630EA11DBAA
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402B00, Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                			E00402B00(void* __eflags, void* _a4) {
				signed int _t6;
				char* _t8;
				intOrPtr _t9;
				signed int _t11;

				_t6 =  *0x423f30; // 0x100
				_t8 = E004029F6(0x22);
				_t9 =  *0x409b48; // 0x19f570
				_t11 = RegOpenKeyExA(E00402AEB( *((intOrPtr*)(_t9 + 4))), _t8, 0, _t6 | _a4,  &_a4); // executed
				asm("sbb eax, eax");
				return  !( ~_t11) & _a4;
			}







                                                                                                                                                                                0x00402b07
                                                                                                                                                                                0x00402b14
                                                                                                                                                                                0x00402b1a
                                                                                                                                                                                0x00402b28
                                                                                                                                                                                0x00402b30
                                                                                                                                                                                0x00402b38

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                • Opcode ID: 75536f55a61c7ddeae545d3e58a4254d3b1e603d9243d6840a97648cae86c977
                                                                                                                                                                                • Instruction ID: b114426f85d9896a426a267f97d2c69b4d85675bc1c8818fcc54ad92fcdded5e
                                                                                                                                                                                • Opcode Fuzzy Hash: 75536f55a61c7ddeae545d3e58a4254d3b1e603d9243d6840a97648cae86c977
                                                                                                                                                                                • Instruction Fuzzy Hash: D5E08CB6650108BFDB50EFA4ED4BFDA77ECBB04340F008821BA08E7091CA78E5409B68
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403D8F, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403D8F(intOrPtr _a12) {
				intOrPtr _v0;
				struct HWND__* _v4;
				int _t7;
				void* _t8;
				void* _t9;
				void* _t10;

				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E004059FF(_t8, _t9, _t10, 0, _a12)); // executed
				return _t7;
			}









                                                                                                                                                                                0x00403da9
                                                                                                                                                                                0x00403dae

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemText
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3367045223-0
                                                                                                                                                                                • Opcode ID: 1a099d3bd65285bc0f9a8825a9e07570eefe01f436bdd2ad6c1ebea1d3a073c8
                                                                                                                                                                                • Instruction ID: 5f24766654b0959f9fafa4a482421e3f7ee2751b64636ea9b5eff0debf90db41
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a099d3bd65285bc0f9a8825a9e07570eefe01f436bdd2ad6c1ebea1d3a073c8
                                                                                                                                                                                • Instruction Fuzzy Hash: 1CC04C76148600BFD641E755CC42F1FB799EFA4325F00C52EB15CA11D1CA3588209F26
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403DDB, Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403DDB(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x423658; // 0x50400
				if(_t2 != 0) {
					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                                                                                                                0x00403ddb
                                                                                                                                                                                0x00403de2
                                                                                                                                                                                0x00403ded
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403ded
                                                                                                                                                                                0x00403df3

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 26eb61eee2f8dbf044ce35a143100ca30312b2da0147e559357940c095fae958
                                                                                                                                                                                • Instruction ID: 0e8439f77210545f6c91de949863756b753435ab215934436bbdbfed1b8c9049
                                                                                                                                                                                • Opcode Fuzzy Hash: 26eb61eee2f8dbf044ce35a143100ca30312b2da0147e559357940c095fae958
                                                                                                                                                                                • Instruction Fuzzy Hash: A6C08C707402017BDA208F109D45F033768AB10701F0040347200A01D0C634E100D61C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403DC4, Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403DC4(int _a4) {
				long _t2;

				_t2 = SendMessageA( *0x423e88, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                                                                                0x00403dd2
                                                                                                                                                                                0x00403dd8

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 9b8c2a1a4dccebde683369f87605a88067a0545aeab7591961bdf6cdb6557e70
                                                                                                                                                                                • Instruction ID: 852617af31e01c2ae6d6bbe4641feff1a9708b3e48e1883f9033c05fa9abbd48
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b8c2a1a4dccebde683369f87605a88067a0545aeab7591961bdf6cdb6557e70
                                                                                                                                                                                • Instruction Fuzzy Hash: 38B01276BC4201BBDE216F00DE09F457E72E764702F018078B304240F0C6F240A5DB09
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403080, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403080(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                                                                                0x0040308e
                                                                                                                                                                                0x00403094

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DE9,0000CDE4), ref: 0040308E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                                                • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                                                                                • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                                                • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405282, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405282(int _a4, CHAR* _a8) {
				int _t3;

				_t3 = GetDlgItemTextA( *0x423658, _a4, _a8, 0x400); // executed
				return _t3;
			}




                                                                                                                                                                                0x00405295
                                                                                                                                                                                0x0040529b

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemText
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3367045223-0
                                                                                                                                                                                • Opcode ID: 660c1fc254df36beb57d81b90febdada7011a4db7affac3806782aa2ca0af1b7
                                                                                                                                                                                • Instruction ID: 64f8da0eb6fa4cceecf9efc48ddd89885d4d712a4f1a1a74ac23683e4b195719
                                                                                                                                                                                • Opcode Fuzzy Hash: 660c1fc254df36beb57d81b90febdada7011a4db7affac3806782aa2ca0af1b7
                                                                                                                                                                                • Instruction Fuzzy Hash: 42B09276608240BFCA125F40DE04E0ABB72BBA4312F00C424BB98641B082325422EF0A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403DB1, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403DB1(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x420470, _a4); // executed
				return _t2;
			}




                                                                                                                                                                                0x00403dbb
                                                                                                                                                                                0x00403dc1

                                                                                                                                                                                APIs
                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00403B8E), ref: 00403DBB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                • Opcode ID: 3d2371042bc9023e882d1747a0204cba7e5e06de41843067423b9fd361121a1b
                                                                                                                                                                                • Instruction ID: b3b70422baabf746d7f85ff150f7fad2421cb985b3c304c2f0a1b2ed4b2bd08a
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d2371042bc9023e882d1747a0204cba7e5e06de41843067423b9fd361121a1b
                                                                                                                                                                                • Instruction Fuzzy Hash: A2A00275515100DBCA115B50DE048057A61B754705F41D475B2455017587315461EB5A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 39%
                                                                                                                                                                                			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E0040593B(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E004059DD();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                                                                                0x00402656
                                                                                                                                                                                0x0040266a
                                                                                                                                                                                0x00402675
                                                                                                                                                                                0x00402676
                                                                                                                                                                                0x004027b1
                                                                                                                                                                                0x00402658
                                                                                                                                                                                0x00402658
                                                                                                                                                                                0x0040265a
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                • Opcode ID: 7ce125ca612887df162c36b751337e4c26a37c050d4ffda7300b23609ce4967c
                                                                                                                                                                                • Instruction ID: 14dcf34609860af9969e045d3f077fc7a18bb2554c958aa599433bfc977b1d94
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ce125ca612887df162c36b751337e4c26a37c050d4ffda7300b23609ce4967c
                                                                                                                                                                                • Instruction Fuzzy Hash: 86F0E572A04101DFD700EBB49E49AEEB778DF51328FA0067BF101F20C1D2B84A45DB2A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423e90; // 0x471cb8
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "Unlocker 1.9.2 Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423e88; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                                                                                                                                                0x0040100a
                                                                                                                                                                                0x00401039
                                                                                                                                                                                0x00401047
                                                                                                                                                                                0x0040104d
                                                                                                                                                                                0x00401051
                                                                                                                                                                                0x0040105b
                                                                                                                                                                                0x00401061
                                                                                                                                                                                0x00401064
                                                                                                                                                                                0x004010f3
                                                                                                                                                                                0x00401089
                                                                                                                                                                                0x0040108c
                                                                                                                                                                                0x004010a6
                                                                                                                                                                                0x004010bd
                                                                                                                                                                                0x004010cc
                                                                                                                                                                                0x004010cf
                                                                                                                                                                                0x004010d5
                                                                                                                                                                                0x004010d9
                                                                                                                                                                                0x004010e4
                                                                                                                                                                                0x004010ed
                                                                                                                                                                                0x004010ef
                                                                                                                                                                                0x004010ef
                                                                                                                                                                                0x00401100
                                                                                                                                                                                0x00401105
                                                                                                                                                                                0x0040110d
                                                                                                                                                                                0x00401110
                                                                                                                                                                                0x00401112
                                                                                                                                                                                0x00401118
                                                                                                                                                                                0x0040111f
                                                                                                                                                                                0x00401126
                                                                                                                                                                                0x00401130
                                                                                                                                                                                0x00401142
                                                                                                                                                                                0x00401156
                                                                                                                                                                                0x00401160
                                                                                                                                                                                0x00401165
                                                                                                                                                                                0x00401165
                                                                                                                                                                                0x00401110
                                                                                                                                                                                0x0040116e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00401178
                                                                                                                                                                                0x00401010
                                                                                                                                                                                0x00401013
                                                                                                                                                                                0x00401015
                                                                                                                                                                                0x00401019
                                                                                                                                                                                0x0040101f
                                                                                                                                                                                0x0040101f
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                • FillRect.USER32 ref: 004010E4
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                • DrawTextA.USER32(00000000,Unlocker 1.9.2 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                • String ID: F$Unlocker 1.9.2 Setup
                                                                                                                                                                                • API String ID: 941294808-1352916206
                                                                                                                                                                                • Opcode ID: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                                                                                                                • Instruction ID: 87972a138d556bacb88ba9c7fcdf6f47da3ec758f00315b8b39b68d2b09e4b9a
                                                                                                                                                                                • Opcode Fuzzy Hash: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                                                                                                                • Instruction Fuzzy Hash: 6441BC71804249AFCB058FA4CD459BFBFB9FF44314F00812AF951AA1A0C378EA54DFA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040572B, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                			E0040572B() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405CFF(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f10 =  *0x423f10 + 1;
						return _t20;
					}
				}
				 *0x422608 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422080, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421c80, "%s=%s\r\n", 0x422608, 0x422080);
						_t18 =  *0x423e90; // 0x471cb8
						_t56 = _t55 + 0x10;
						E004059FF(_t43, 0x400, 0x422080, 0x422080,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E004056B4(0x422080, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405629(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405629(_t26 + 0xa, 0x409330);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405675(_t51 + _t29, 0x421c80, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E004059DD(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E004056B4(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422608, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                                                                                                                                                0x00405731
                                                                                                                                                                                0x00405738
                                                                                                                                                                                0x0040573c
                                                                                                                                                                                0x00405745
                                                                                                                                                                                0x00405749
                                                                                                                                                                                0x00405888
                                                                                                                                                                                0x00405888
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405888
                                                                                                                                                                                0x00405749
                                                                                                                                                                                0x00405755
                                                                                                                                                                                0x0040576b
                                                                                                                                                                                0x00405793
                                                                                                                                                                                0x0040579e
                                                                                                                                                                                0x004057a2
                                                                                                                                                                                0x004057c2
                                                                                                                                                                                0x004057c4
                                                                                                                                                                                0x004057c9
                                                                                                                                                                                0x004057d3
                                                                                                                                                                                0x004057e0
                                                                                                                                                                                0x004057e5
                                                                                                                                                                                0x004057ea
                                                                                                                                                                                0x004057ee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004057fd
                                                                                                                                                                                0x004057ff
                                                                                                                                                                                0x0040580c
                                                                                                                                                                                0x00405810
                                                                                                                                                                                0x00405881
                                                                                                                                                                                0x00405882
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040582c
                                                                                                                                                                                0x00405839
                                                                                                                                                                                0x0040589e
                                                                                                                                                                                0x004058a5
                                                                                                                                                                                0x0040584c
                                                                                                                                                                                0x0040584c
                                                                                                                                                                                0x0040584e
                                                                                                                                                                                0x00405857
                                                                                                                                                                                0x00405862
                                                                                                                                                                                0x00405874
                                                                                                                                                                                0x0040587b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040587b
                                                                                                                                                                                0x004058a7
                                                                                                                                                                                0x004058a8
                                                                                                                                                                                0x004058ad
                                                                                                                                                                                0x004058af
                                                                                                                                                                                0x004058bc
                                                                                                                                                                                0x004058bc
                                                                                                                                                                                0x004058c0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004058b1
                                                                                                                                                                                0x004058b1
                                                                                                                                                                                0x004058b4
                                                                                                                                                                                0x004058b7
                                                                                                                                                                                0x004058b8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004058b1
                                                                                                                                                                                0x00405844
                                                                                                                                                                                0x00405849
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405849
                                                                                                                                                                                0x00405810
                                                                                                                                                                                0x0040576d
                                                                                                                                                                                0x00405778
                                                                                                                                                                                0x00405781
                                                                                                                                                                                0x00405785
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405785
                                                                                                                                                                                0x00405892

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                                                                                  • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                                                                                  • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,004054C0,?,00000000,000000F1,?), ref: 00405778
                                                                                                                                                                                • GetShortPathNameA.KERNEL32(?,00422608,00000400), ref: 00405781
                                                                                                                                                                                • GetShortPathNameA.KERNEL32(00000000,00422080,00000400), ref: 0040579E
                                                                                                                                                                                • wsprintfA.USER32 ref: 004057BC
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00422080,C0000000,00000004,00422080,?,?,?,00000000,000000F1,?), ref: 004057F7
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405806
                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040581C
                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421C80,00000000,-0000000A,00409330,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405862
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405874
                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 0040587B
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405882
                                                                                                                                                                                  • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                                                                                                                  • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                • String ID: %s=%s$[Rename]
                                                                                                                                                                                • API String ID: 3772915668-1727408572
                                                                                                                                                                                • Opcode ID: fde17059b73e5ed387f221ca3ca0721057c187c9f22db8a501a216d306c9fcdb
                                                                                                                                                                                • Instruction ID: 243778ea09c2d6121d89995a0746b628a30f71b2b4e684d8516dd3187c24d480
                                                                                                                                                                                • Opcode Fuzzy Hash: fde17059b73e5ed387f221ca3ca0721057c187c9f22db8a501a216d306c9fcdb
                                                                                                                                                                                • Instruction Fuzzy Hash: 0E412032A05B067BE3207B619C48F6B3A5CEB40754F004436FD05F62D2EA38A8018ABE
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405C3F, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405C3F(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E0040553D(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004054FB("*?|<>/\":", _t5))) == 0) {
							E00405675(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                                                                                0x00405c41
                                                                                                                                                                                0x00405c49
                                                                                                                                                                                0x00405c5d
                                                                                                                                                                                0x00405c5d
                                                                                                                                                                                0x00405c63
                                                                                                                                                                                0x00405c70
                                                                                                                                                                                0x00405c70
                                                                                                                                                                                0x00405c71
                                                                                                                                                                                0x00405c73
                                                                                                                                                                                0x00405c77
                                                                                                                                                                                0x00405c79
                                                                                                                                                                                0x00405c82
                                                                                                                                                                                0x00405c84
                                                                                                                                                                                0x00405c9e
                                                                                                                                                                                0x00405ca6
                                                                                                                                                                                0x00405ca6
                                                                                                                                                                                0x00405cab
                                                                                                                                                                                0x00405cad
                                                                                                                                                                                0x00405caf
                                                                                                                                                                                0x00405cb3
                                                                                                                                                                                0x00405cb4
                                                                                                                                                                                0x00405cb7
                                                                                                                                                                                0x00405cbf
                                                                                                                                                                                0x00405cc1
                                                                                                                                                                                0x00405cc5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405ccb
                                                                                                                                                                                0x00405cd0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405cd0
                                                                                                                                                                                0x00405cd5

                                                                                                                                                                                APIs
                                                                                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                                                                                • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                                                                                • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\Unlocker1.9.2.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                • API String ID: 589700163-2489361401
                                                                                                                                                                                • Opcode ID: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                                                                                • Instruction ID: 6e21827f4117d195ccc2fee92ee9dbca2865e9be55a4e6ca6148cbd3e4a13511
                                                                                                                                                                                • Opcode Fuzzy Hash: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                                                                                • Instruction Fuzzy Hash: F011905580CB942AFB3206384C48B776F99CB67764F58407BE8C4723C2D67C5C429B6D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00403DF6, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00403DF6(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                                                                                0x00403e08
                                                                                                                                                                                0x00403e9c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403e9c
                                                                                                                                                                                0x00403e19
                                                                                                                                                                                0x00403e1d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403e23
                                                                                                                                                                                0x00403e2c
                                                                                                                                                                                0x00403e2f
                                                                                                                                                                                0x00403e2f
                                                                                                                                                                                0x00403e35
                                                                                                                                                                                0x00403e3b
                                                                                                                                                                                0x00403e3b
                                                                                                                                                                                0x00403e47
                                                                                                                                                                                0x00403e4d
                                                                                                                                                                                0x00403e54
                                                                                                                                                                                0x00403e57
                                                                                                                                                                                0x00403e5a
                                                                                                                                                                                0x00403e5c
                                                                                                                                                                                0x00403e5c
                                                                                                                                                                                0x00403e64
                                                                                                                                                                                0x00403e6a
                                                                                                                                                                                0x00403e6a
                                                                                                                                                                                0x00403e74
                                                                                                                                                                                0x00403e79
                                                                                                                                                                                0x00403e7c
                                                                                                                                                                                0x00403e81
                                                                                                                                                                                0x00403e84
                                                                                                                                                                                0x00403e84
                                                                                                                                                                                0x00403e94
                                                                                                                                                                                0x00403e94
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                • Instruction ID: 6c7fdd900eb09a88ca35fb2207b5deae9db7ec429e3ae93f4f07cdddb38981b8
                                                                                                                                                                                • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F219671904744ABCB219F78DD08B4B7FF8AF00715F048A2AF856E22E1C338EA04CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040464A, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0040464A(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                                                                                0x00404658
                                                                                                                                                                                0x00404665
                                                                                                                                                                                0x0040466b
                                                                                                                                                                                0x004046a9
                                                                                                                                                                                0x004046a9
                                                                                                                                                                                0x004046b8
                                                                                                                                                                                0x004046bf
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004046c1
                                                                                                                                                                                0x0040466d
                                                                                                                                                                                0x0040467c
                                                                                                                                                                                0x00404684
                                                                                                                                                                                0x00404687
                                                                                                                                                                                0x00404699
                                                                                                                                                                                0x0040469f
                                                                                                                                                                                0x004046a6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004046a6
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                • String ID: f
                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                                                                • Instruction ID: 811e074b116e6ce6d11e192741490be2760717d42b69e64a674173994bb84636
                                                                                                                                                                                • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                                                                • Instruction Fuzzy Hash: 4E014C71D00219BADB00DBA4DC85FFEBBB8AB59711F10052ABA00B61D0D7B8A9058BA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402B3B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b018; // 0x10753b
					_t11 =  *0x41f028; // 0x10753f
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                                                                                0x00402b48
                                                                                                                                                                                0x00402b56
                                                                                                                                                                                0x00402b5c
                                                                                                                                                                                0x00402b5c
                                                                                                                                                                                0x00402b6a
                                                                                                                                                                                0x00402b6c
                                                                                                                                                                                0x00402b72
                                                                                                                                                                                0x00402b79
                                                                                                                                                                                0x00402b7b
                                                                                                                                                                                0x00402b7b
                                                                                                                                                                                0x00402b91
                                                                                                                                                                                0x00402ba1
                                                                                                                                                                                0x00402bb3
                                                                                                                                                                                0x00402bb3
                                                                                                                                                                                0x00402bbb

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                                                                                • MulDiv.KERNEL32(0010753B,00000064,0010753F), ref: 00402B81
                                                                                                                                                                                • wsprintfA.USER32 ref: 00402B91
                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00402BA1
                                                                                                                                                                                • SetDlgItemTextA.USER32 ref: 00402BB3
                                                                                                                                                                                Strings
                                                                                                                                                                                • verifying installer: %d%%, xrefs: 00402B8B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                • Opcode ID: 942454595b55506ed27eeb1e7d8b1282508b27149c9d2e8fb24462be395a0e5b
                                                                                                                                                                                • Instruction ID: e41715c37a5330c5740685503c003044c4943c79b663b03d39d41db920bc543d
                                                                                                                                                                                • Opcode Fuzzy Hash: 942454595b55506ed27eeb1e7d8b1282508b27149c9d2e8fb24462be395a0e5b
                                                                                                                                                                                • Instruction Fuzzy Hash: 34014470A00209ABDB249F60DD09EAE3779AB04345F008039FA16B92D1D7B49A559F99
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401D1B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                                                			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af54->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af64 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af6b = 1;
				 *0x40af68 = _t11 & 0x00000001;
				 *0x40af69 = _t11 & 0x00000002;
				 *0x40af6a = _t11 & 0x00000004;
				E004059FF(_t18, _t24, _t26, "MS Shell Dlg",  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af54);
				_push(_t14);
				_push(_t26);
				E0040593B();
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                                                                                0x00401d29
                                                                                                                                                                                0x00401d42
                                                                                                                                                                                0x00401d4c
                                                                                                                                                                                0x00401d51
                                                                                                                                                                                0x00401d5c
                                                                                                                                                                                0x00401d63
                                                                                                                                                                                0x00401d75
                                                                                                                                                                                0x00401d7b
                                                                                                                                                                                0x00401d80
                                                                                                                                                                                0x00401d8a
                                                                                                                                                                                0x004024b8
                                                                                                                                                                                0x00401561
                                                                                                                                                                                0x00402833
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                • CreateFontIndirectA.GDI32(0040AF54), ref: 00401D8A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                • String ID: MS Shell Dlg
                                                                                                                                                                                • API String ID: 3272661963-76309092
                                                                                                                                                                                • Opcode ID: aaa704804153b4156d33932d66762c168f337da226587c5d1751100b1e088207
                                                                                                                                                                                • Instruction ID: 822a585a95499be2ccb46a886614a983d19f7779af01092212c1c8a44adbdb5d
                                                                                                                                                                                • Opcode Fuzzy Hash: aaa704804153b4156d33932d66762c168f337da226587c5d1751100b1e088207
                                                                                                                                                                                • Instruction Fuzzy Hash: 80F04FF1A49742AEE70167B0AE0AB9A3B659719306F14043AF242BA1E2C5BC0454DB7F
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                			E00402A36(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423f30; // 0x100
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A36(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405CFF(2);
					if(_t27 == 0) {
						__eflags =  *0x423f30; // 0x100
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f30, 0);
				}
				return _t18;
			}










                                                                                                                                                                                0x00402a46
                                                                                                                                                                                0x00402a57
                                                                                                                                                                                0x00402a5f
                                                                                                                                                                                0x00402a87
                                                                                                                                                                                0x00402a6e
                                                                                                                                                                                0x00402a71
                                                                                                                                                                                0x00402ac1
                                                                                                                                                                                0x00402ac7
                                                                                                                                                                                0x00402ac9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402ac9
                                                                                                                                                                                0x00402a7e
                                                                                                                                                                                0x00402a83
                                                                                                                                                                                0x00402a85
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402a85
                                                                                                                                                                                0x00402a9c
                                                                                                                                                                                0x00402aa4
                                                                                                                                                                                0x00402aab
                                                                                                                                                                                0x00402ad1
                                                                                                                                                                                0x00402ad7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402adf
                                                                                                                                                                                0x00402ae5
                                                                                                                                                                                0x00402ae7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402ae7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402aba
                                                                                                                                                                                0x00402ace

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000100,?), ref: 00402A57
                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                • Opcode ID: 32cdae671697de7973d8bb2633bc31189b6b536a9ce7c2939538a07c10ae524a
                                                                                                                                                                                • Instruction ID: 582bceb6e4b24316922a1ee6e85d565da044e62c79b522cd3b8563d0d5e38007
                                                                                                                                                                                • Opcode Fuzzy Hash: 32cdae671697de7973d8bb2633bc31189b6b536a9ce7c2939538a07c10ae524a
                                                                                                                                                                                • Instruction Fuzzy Hash: E7111771A10049BEEF31AF90DE49DAF7B7DEB44345B104036F906A10A0DBB49E51AF69
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                                                                                                0x00401ccb
                                                                                                                                                                                0x00401cd2
                                                                                                                                                                                0x00401d01
                                                                                                                                                                                0x00401d09
                                                                                                                                                                                0x00401d10
                                                                                                                                                                                0x00401d10
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                • Opcode ID: aab1ff915591a61a6dff0f8bf18086dee3b735981cb00012526b248d1bc18b45
                                                                                                                                                                                • Instruction ID: c9eade559dcb8dabe12f7fb8fefc2ecb3bb817c4e851fb83d30c8e131ed4808d
                                                                                                                                                                                • Opcode Fuzzy Hash: aab1ff915591a61a6dff0f8bf18086dee3b735981cb00012526b248d1bc18b45
                                                                                                                                                                                • Instruction Fuzzy Hash: B5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004037EF, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004037EF(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405954(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ec4; // 0x2c
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423e90; // 0x471cb8
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ec0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423660 = _t18[1];
					 *0x423f28 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42365c = _t23;
						E0040593B(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420450, E004059FF(_t13, _t24, _t26, "Unlocker 1.9.2 Setup", 0xfffffffe));
						_t11 =  *0x423eac; // 0x7
						_t27 =  *0x423ea8; // 0x471fe4
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x471ffc
								_t11 = E004059FF(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                                                                                                                                                0x004037f3
                                                                                                                                                                                0x004037f8
                                                                                                                                                                                0x004037fe
                                                                                                                                                                                0x00403803
                                                                                                                                                                                0x00403803
                                                                                                                                                                                0x0040380b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040380d
                                                                                                                                                                                0x00403813
                                                                                                                                                                                0x0040381b
                                                                                                                                                                                0x0040381d
                                                                                                                                                                                0x00403823
                                                                                                                                                                                0x00403823
                                                                                                                                                                                0x00403825
                                                                                                                                                                                0x00403831
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403835
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00403837
                                                                                                                                                                                0x0040383c
                                                                                                                                                                                0x00403845
                                                                                                                                                                                0x0040384b
                                                                                                                                                                                0x00403850
                                                                                                                                                                                0x00403864
                                                                                                                                                                                0x0040386f
                                                                                                                                                                                0x00403887
                                                                                                                                                                                0x0040388d
                                                                                                                                                                                0x00403892
                                                                                                                                                                                0x0040389a
                                                                                                                                                                                0x004038bb
                                                                                                                                                                                0x004038bb
                                                                                                                                                                                0x004038bb
                                                                                                                                                                                0x0040389c
                                                                                                                                                                                0x0040389e
                                                                                                                                                                                0x0040389e
                                                                                                                                                                                0x004038a2
                                                                                                                                                                                0x004038a5
                                                                                                                                                                                0x004038a9
                                                                                                                                                                                0x004038a9
                                                                                                                                                                                0x004038ae
                                                                                                                                                                                0x004038b4
                                                                                                                                                                                0x004038b4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040389e
                                                                                                                                                                                0x00403852
                                                                                                                                                                                0x00403857
                                                                                                                                                                                0x00403860
                                                                                                                                                                                0x00403859
                                                                                                                                                                                0x00403859
                                                                                                                                                                                0x00403859
                                                                                                                                                                                0x00403857

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetWindowTextA.USER32(00000000,Unlocker 1.9.2 Setup), ref: 00403887
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: TextWindow
                                                                                                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\$Unlocker 1.9.2 Setup
                                                                                                                                                                                • API String ID: 530164218-2643474798
                                                                                                                                                                                • Opcode ID: 2885b835fa9f6124610e1a5c6837e8d1ea9164dd69e17ca9c0250379504c76d4
                                                                                                                                                                                • Instruction ID: 1abde7c3b4d11e9a2e55591403c44a3397e590d434b7b54f33d2a439c9831bdd
                                                                                                                                                                                • Opcode Fuzzy Hash: 2885b835fa9f6124610e1a5c6837e8d1ea9164dd69e17ca9c0250379504c76d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 0711C276B002119BC730AF55D8809377BADEF4471631981BFE80167390C73D9E028B98
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004054D0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004054D0(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                                                                                0x004054d1
                                                                                                                                                                                0x004054e8
                                                                                                                                                                                0x004054f0
                                                                                                                                                                                0x004054f0
                                                                                                                                                                                0x004054f8

                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054D6
                                                                                                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054DF
                                                                                                                                                                                • lstrcatA.KERNEL32(?,00409010), ref: 004054F0
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004054D0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                • API String ID: 2659869361-3081826266
                                                                                                                                                                                • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                • Instruction ID: 18d73bba3a4f2c077241afd2b81ba446c35da1b9bd2d8ef2eba9fb39a34af30a
                                                                                                                                                                                • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                • Instruction Fuzzy Hash: 09D0A7B2505970AED20126195C05FCF2A08CF023117044423F640B21D2C63C5C819BFD
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E0040593B(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E0040593B(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                                                                                                0x00401ec7
                                                                                                                                                                                0x00401ecf
                                                                                                                                                                                0x00401ed4
                                                                                                                                                                                0x00401ed9
                                                                                                                                                                                0x00401edd
                                                                                                                                                                                0x00401ee0
                                                                                                                                                                                0x00401ee2
                                                                                                                                                                                0x00401ee9
                                                                                                                                                                                0x00401ef2
                                                                                                                                                                                0x00401efa
                                                                                                                                                                                0x00401efd
                                                                                                                                                                                0x00401f12
                                                                                                                                                                                0x00401f18
                                                                                                                                                                                0x00401f2b
                                                                                                                                                                                0x00401f34
                                                                                                                                                                                0x00401f40
                                                                                                                                                                                0x00401f45
                                                                                                                                                                                0x00401f45
                                                                                                                                                                                0x00401f2b
                                                                                                                                                                                0x00401f48
                                                                                                                                                                                0x00401b75
                                                                                                                                                                                0x00401b75
                                                                                                                                                                                0x00401efd
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                                                                                • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                                                                                • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                                                                                  • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1404258612-0
                                                                                                                                                                                • Opcode ID: f9744f7992f8663f166aa538b3da0bee02a0a5d08582e8cd95fa90b08a46e0f1
                                                                                                                                                                                • Instruction ID: 4f4abe4324f754641e01f0e672b51484e064b7e428c6eed24e296c4d37409401
                                                                                                                                                                                • Opcode Fuzzy Hash: f9744f7992f8663f166aa538b3da0bee02a0a5d08582e8cd95fa90b08a46e0f1
                                                                                                                                                                                • Instruction Fuzzy Hash: 5F114CB2901109BFDB01EFA5D981DAEBBB9EF04354B20803AF501F61E1D7389A55DB28
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405564, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405564(CHAR* _a4) {
				CHAR* _t3;
				char* _t5;
				CHAR* _t7;
				CHAR* _t8;
				void* _t10;

				_t8 = _a4;
				_t7 = CharNextA(_t8);
				_t3 = CharNextA(_t7);
				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
					if( *_t8 != 0x5c5c) {
						L8:
						return 0;
					}
					_t10 = 2;
					while(1) {
						_t10 = _t10 - 1;
						_t5 = E004054FB(_t3, 0x5c);
						if( *_t5 == 0) {
							goto L8;
						}
						_t3 = _t5 + 1;
						if(_t10 != 0) {
							continue;
						}
						return _t3;
					}
					goto L8;
				} else {
					return CharNextA(_t3);
				}
			}








                                                                                                                                                                                0x0040556d
                                                                                                                                                                                0x00405574
                                                                                                                                                                                0x00405577
                                                                                                                                                                                0x0040557c
                                                                                                                                                                                0x0040558f
                                                                                                                                                                                0x004055a9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004055a9
                                                                                                                                                                                0x00405593
                                                                                                                                                                                0x00405594
                                                                                                                                                                                0x00405597
                                                                                                                                                                                0x00405598
                                                                                                                                                                                0x004055a0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004055a2
                                                                                                                                                                                0x004055a5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004055a5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405585
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405586

                                                                                                                                                                                APIs
                                                                                                                                                                                • CharNextA.USER32(00405316,?,C:\,00000000,004055C8,C:\,C:\,?,?,00000000,00405316,?,"C:\Users\user\Desktop\Unlocker1.9.2.exe" ,00000000), ref: 00405572
                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00405577
                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00405586
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                • API String ID: 3213498283-3404278061
                                                                                                                                                                                • Opcode ID: 68c7f773aafbecf3834176a21eebbfbca0b4bda0270daf5a8c718fc322178301
                                                                                                                                                                                • Instruction ID: fce001944c357d5a5f397a5c884fddf1ab35f0ab5fed97c3c123c2792e791524
                                                                                                                                                                                • Opcode Fuzzy Hash: 68c7f773aafbecf3834176a21eebbfbca0b4bda0270daf5a8c718fc322178301
                                                                                                                                                                                • Instruction Fuzzy Hash: D7F0A751905A2179E72262A88C44B7B57ADDB55721F140437E500F61D582BC4C838FEA
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00402BBE, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00402BBE(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x417020; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423e8c;
						if(_t2 >  *0x423e8c) {
							_t3 = CreateDialogParamA( *0x423e80, 0x6f, 0, E00402B3B, 0);
							 *0x417020 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405D38(0);
					}
				} else {
					_t6 =  *0x417020; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x417020 = 0;
					return _t6;
				}
			}






                                                                                                                                                                                0x00402bc5
                                                                                                                                                                                0x00402bdf
                                                                                                                                                                                0x00402be5
                                                                                                                                                                                0x00402bef
                                                                                                                                                                                0x00402bf5
                                                                                                                                                                                0x00402bfb
                                                                                                                                                                                0x00402c0c
                                                                                                                                                                                0x00402c15
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00402c1a
                                                                                                                                                                                0x00402c21
                                                                                                                                                                                0x00402be7
                                                                                                                                                                                0x00402bee
                                                                                                                                                                                0x00402bee
                                                                                                                                                                                0x00402bc7
                                                                                                                                                                                0x00402bc7
                                                                                                                                                                                0x00402bce
                                                                                                                                                                                0x00402bd1
                                                                                                                                                                                0x00402bd1
                                                                                                                                                                                0x00402bd7
                                                                                                                                                                                0x00402bde
                                                                                                                                                                                0x00402bde

                                                                                                                                                                                APIs
                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,00402D9E,00000001), ref: 00402BD1
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402BEF
                                                                                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C0C
                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C1A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                • Opcode ID: bf07767b331bb76d3b5a2f8e5622a218379b171e4cdb58aec93dcc8b8375aee9
                                                                                                                                                                                • Instruction ID: f2d052a30a3472248e345e5832336eca953f0b1533712f6c56216133e551431f
                                                                                                                                                                                • Opcode Fuzzy Hash: bf07767b331bb76d3b5a2f8e5622a218379b171e4cdb58aec93dcc8b8375aee9
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AF0DA31D09320ABC661AF14FD4CADB7B75BB09B127014936F101B52E8D77868818BAD
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f50 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405954(_t17 + 8, _t15), "C:\Users\jones\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                                                                                                0x004024be
                                                                                                                                                                                0x004024be
                                                                                                                                                                                0x004024c1
                                                                                                                                                                                0x004024dc
                                                                                                                                                                                0x004024c3
                                                                                                                                                                                0x004024c5
                                                                                                                                                                                0x004024ca
                                                                                                                                                                                0x004024d1
                                                                                                                                                                                0x004024e3
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x0040265c
                                                                                                                                                                                0x004024e9
                                                                                                                                                                                0x004024fb
                                                                                                                                                                                0x004015a6
                                                                                                                                                                                0x004015a8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004015ae
                                                                                                                                                                                0x004015a8
                                                                                                                                                                                0x0040288e
                                                                                                                                                                                0x0040289a

                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll, xrefs: 004024CA, 004024EF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWritelstrlen
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsoF2A7.tmp\InstallOptions.dll
                                                                                                                                                                                • API String ID: 427699356-2863598079
                                                                                                                                                                                • Opcode ID: a0c3a0802b62bc71cd7a1c5371c6928424a701658096b665d01367d308066035
                                                                                                                                                                                • Instruction ID: 28baf68bc3b2ef7cd727d17ca875bc327529d04ff6cae4c8aacaeccaaba980a4
                                                                                                                                                                                • Opcode Fuzzy Hash: a0c3a0802b62bc71cd7a1c5371c6928424a701658096b665d01367d308066035
                                                                                                                                                                                • Instruction Fuzzy Hash: 5AF0B4B2A04241FBDB40BBA09E49AAE37689B00348F10443BA206F51C2D6BC4982A76D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405517, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405517(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                                                                                0x00405518
                                                                                                                                                                                0x00405522
                                                                                                                                                                                0x00405524
                                                                                                                                                                                0x0040552b
                                                                                                                                                                                0x00405533
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405533
                                                                                                                                                                                0x00405535
                                                                                                                                                                                0x0040553a

                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C8E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Unlocker1.9.2.exe,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 0040551D
                                                                                                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C8E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Unlocker1.9.2.exe,C:\Users\user\Desktop\Unlocker1.9.2.exe,80000000,00000003), ref: 0040552B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                                                • API String ID: 2709904686-224404859
                                                                                                                                                                                • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                • Instruction ID: 1341b21386aa9ee456471dc2eb10899dbff8c866770b3e7d35d8712ddbbc4649
                                                                                                                                                                                • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                • Instruction Fuzzy Hash: D9D0C7B2509DB06EE7035614DC04B9F7B89DF17710F1944A2E540A61D5D27C5D418BFD
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405629, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00405629(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                                                                                0x00405635
                                                                                                                                                                                0x00405637
                                                                                                                                                                                0x0040565f
                                                                                                                                                                                0x00405644
                                                                                                                                                                                0x00405649
                                                                                                                                                                                0x00405654
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00405671
                                                                                                                                                                                0x0040565d
                                                                                                                                                                                0x0040565d
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405649
                                                                                                                                                                                • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405657
                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.733693967.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.733685351.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733705817.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733714801.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733735330.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733746384.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733754596.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000001.00000002.733765965.000000000042E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Unlocker1.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                • Instruction ID: 25fbcb832c33ec4964fd827efed06e6d871dcd69bbe6b28132c6debe6a032c6a
                                                                                                                                                                                • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                • Instruction Fuzzy Hash: 02F0A736249D51DBC2025B355C04E6FAA94EF92354B54097AF444F2251D33A98129BBF
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Analysis Process: DeltaTB.exe PID: 6416 Parent PID: 7036 DeltaTB.exeCOMMON

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:29.5%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:6.6%
                                                                                                                                                                                Total number of Nodes:136
                                                                                                                                                                                Total number of Limit Nodes:1

                                                                                                                                                                                Graph

                                                                                                                                                                                execution_graph 800 1e23ab VirtualFree 801 1e15a7 821 1e1b83 LoadLibraryA 801->821 806 1e1709 ExitProcess 809 1e16c4 814 1e16fe 809->814 857 1e1889 809->857 813 1e16a8 _wcslen 817 1e16c8 813->817 818 1e16b5 813->818 872 1e17bc 814->872 816 1e1619 816->809 847 1e14dc FindResourceW 816->847 875 1e121f 817->875 851 1e12e1 818->851 822 1e1f51 821->822 823 1e1bb1 GetProcAddress 821->823 885 1e3bc5 822->885 825 1e1c34 LoadLibraryA 823->825 827 1e1c9e LoadLibraryA 825->827 826 1e15d6 829 1e1000 826->829 827->822 894 1e1372 829->894 832 1e101c FindResourceW 833 1e1045 832->833 834 1e1034 832->834 842 1e1015 833->842 901 1e17f0 833->901 926 1e1b44 LoadResource 834->926 838 1e1075 841 1e17bc VirtualFree 838->841 839 1e1081 907 1e1985 839->907 841->842 842->806 843 1e154e 842->843 844 1e1552 843->844 845 1e14dc 4 API calls 844->845 846 1e157c _wcscat _wcscpy 845->846 846->816 848 1e1502 847->848 850 1e1511 _wcsncpy 847->850 849 1e1b44 3 API calls 848->849 849->850 850->813 852 1e1313 _wcsncpy 851->852 853 1e135d 852->853 856 1e121f 12 API calls 852->856 854 1e3bc5 5 API calls 853->854 855 1e136c 854->855 855->809 856->852 858 1e18ac GetCurrentDirectoryW 857->858 859 1e18a9 857->859 860 1e18cd SetCurrentDirectoryW 858->860 861 1e18c2 GetLastError 858->861 859->858 860->861 870 1e18d8 _wcslen 860->870 866 1e1957 861->866 862 1e3bc5 5 API calls 864 1e16f4 RemoveDirectoryW 862->864 863 1e1959 SetCurrentDirectoryW 865 1e196a GetLastError 863->865 863->866 864->814 865->866 866->862 867 1e1941 DeleteFileW 868 1e194c GetLastError 867->868 867->870 868->866 868->870 869 1e1889 5 API calls 869->870 870->863 870->866 870->867 870->869 871 1e1938 RemoveDirectoryW 870->871 871->870 873 1e17c3 VirtualFree 872->873 874 1e17d1 872->874 873->874 874->806 876 1e1255 _wcscpy 875->876 877 1e221a 2 API calls 876->877 878 1e1296 _wcscat 877->878 879 1e12a6 FindFirstFileW 878->879 880 1e12b8 879->880 881 1e12c5 879->881 943 1e10d8 880->943 882 1e3bc5 5 API calls 881->882 883 1e12db 882->883 883->809 886 1e3bcf IsDebuggerPresent 885->886 887 1e3bcd 885->887 893 1e3dc2 886->893 887->826 890 1e3d89 SetUnhandledExceptionFilter UnhandledExceptionFilter 891 1e3dae GetCurrentProcess TerminateProcess 890->891 892 1e3da6 890->892 891->826 892->891 893->890 897 1e1396 894->897 895 1e14c7 896 1e3bc5 5 API calls 895->896 898 1e1011 896->898 897->895 929 1e221a lstrlenW 897->929 898->832 898->842 903 1e1803 901->903 902 1e1071 902->838 902->839 903->902 932 1e2236 903->932 905 1e1863 935 1e23bd 905->935 908 1e19a9 GetCurrentDirectoryW 907->908 909 1e19a6 907->909 910 1e19bf GetLastError 908->910 911 1e19ca SetCurrentDirectoryW 908->911 909->908 922 1e1a9f 910->922 911->910 915 1e19d5 _wcslen 911->915 912 1e3bc5 5 API calls 914 1e1b40 912->914 913 1e1b1c SetCurrentDirectoryW 913->910 913->922 914->842 915->913 916 1e1a6f CreateDirectoryW 915->916 917 1e1aa4 DeleteFileW 915->917 915->922 923 1e1985 5 API calls 915->923 916->915 918 1e1a7c GetLastError 916->918 919 1e1aaf GetLastError 917->919 920 1e1aba CreateFileW 917->920 918->915 918->922 919->920 919->922 921 1e1ad9 WriteFile 920->921 920->922 924 1e1b0b FindCloseChangeNotification 921->924 925 1e1afb SetFileTime 921->925 922->912 923->915 924->915 925->924 927 1e1b5a SizeofResource LockResource 926->927 928 1e1b7b 926->928 927->928 928->833 930 1e2229 lstrcatW 929->930 931 1e143e wsprintfW CreateDirectoryW 929->931 930->931 931->895 931->897 933 1e223d 932->933 934 1e2240 VirtualAlloc 932->934 933->905 934->905 936 1e23de 935->936 938 1e23d9 935->938 936->938 939 1e3a8f 936->939 938->902 942 1e3af2 939->942 940 1e3bc5 5 API calls 941 1e3bc3 940->941 941->938 942->940 944 1e110b _wcscpy 943->944 945 1e221a 2 API calls 944->945 946 1e1128 945->946 947 1e1139 946->947 950 1e118a 946->950 960 1e109d 947->960 951 1e11b5 wsprintfW 950->951 952 1e11bf CreateProcessW 951->952 954 1e11e7 GetExitCodeProcess 952->954 956 1e11e2 952->956 953 1e221a 2 API calls 955 1e1168 wsprintfW 953->955 954->956 955->952 958 1e3bc5 5 API calls 956->958 959 1e1215 958->959 959->881 961 1e10c2 960->961 962 1e3bc5 5 API calls 961->962 963 1e10d4 962->963 963->953 964 1e23a0 965 1e2236 VirtualAlloc 964->965 966 1e23a9 965->966

                                                                                                                                                                                Callgraph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                • Opacity -> Relevance
                                                                                                                                                                                • Disassembly available
                                                                                                                                                                                callgraph 0 Function_001E121F 4 Function_001E221A 0->4 5 Function_001E10D8 0->5 6 Function_001E1718 0->6 8 Function_001E3BD4 0->8 18 Function_001E3BC5 0->18 20 Function_001E3C02 0->20 1 Function_001E14DC 16 Function_001E1B44 1->16 38 Function_001E3C21 1->38 2 Function_001E17DD 3 Function_001E109D 3->18 5->3 5->4 5->6 5->18 5->20 7 Function_001E2254 9 Function_001E3110 10 Function_001E3DD0 11 Function_001E154E 11->1 11->8 11->20 12 Function_001E3A8F 13 Function_001E3A4A 12->13 12->18 28 Function_001E39F2 12->28 29 Function_001E37B2 12->29 14 Function_001E1889 14->2 14->14 14->18 35 Function_001E3CA2 14->35 15 Function_001E3189 15->9 24 Function_001E243C 15->24 17 Function_001E1985 17->2 17->17 17->18 17->35 19 Function_001E3DC2 18->19 21 Function_001E1B83 21->18 22 Function_001E1000 22->16 22->17 23 Function_001E17BC 22->23 27 Function_001E1372 22->27 31 Function_001E17F0 22->31 25 Function_001E23BD 25->7 25->12 26 Function_001E2236 27->4 27->18 29->9 29->15 30 Function_001E31F3 29->30 31->10 31->25 31->26 32 Function_001E23AB 33 Function_001E3C6B 34 Function_001E15A7 34->0 34->1 34->11 34->14 34->21 34->22 34->23 34->33 34->35 37 Function_001E12E1 34->37 36 Function_001E23A0 36->26 37->0 37->18 37->38

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 001E121F, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 144 1e121f-1e126b call 1e3c02 call 1e1718 149 1e126d-1e126f 144->149 150 1e1277-1e12b6 call 1e3c02 call 1e221a call 1e3bd4 FindFirstFileW 144->150 149->150 157 1e12b8-1e12c0 call 1e10d8 150->157 158 1e12c7-1e12c9 150->158 164 1e12c5 157->164 159 1e12ca-1e12de call 1e3bc5 158->159 164->159
                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                			E001E121F(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				char _v1068;
				struct _WIN32_FIND_DATAW _v1660;
				intOrPtr _v1664;
				intOrPtr _v1668;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t54;
				void* _t55;
				WCHAR* _t57;
				void* _t58;
				signed int _t59;
				signed int _t61;

				_t61 = (_t59 & 0xfffffff8) - 0x67c;
				_v8 =  *0x1e5000 ^ _t61;
				_t38 = __edx;
				_v1664 = _a4;
				_t54 = __ecx;
				E001E3C02( &_v1068, __edx);
				_t52 =  &_v1068;
				_t23 = E001E1718(L".dll,",  &_v1068);
				if(_t23 != 0xffffffff) {
					 *((short*)(_t61 + 0x268 + _t23 * 2)) = 0;
				}
				E001E3C02( &_v540, _t54 + 0x44);
				_t57 =  &_v540;
				E001E221A(_t57);
				E001E3BD4(_t57,  &_v1068);
				_t33 = FindFirstFileW(_t57,  &_v1660);
				_t65 = _t33 - 0xffffffff;
				if(_t33 == 0xffffffff) {
					_t34 = 5;
				} else {
					 *((intOrPtr*)(_t54 + 0x34))(_t33);
					_t34 = E001E10D8(_t38, _t54, _t65, _v1668);
				}
				_pop(_t55);
				_pop(_t58);
				_pop(_t39);
				return E001E3BC5(_t34, _t39, _v8 ^ _t61, _t52, _t55, _t58);
			}






















                                                                                                                                                                                0x001e1225
                                                                                                                                                                                0x001e1232
                                                                                                                                                                                0x001e123f
                                                                                                                                                                                0x001e1241
                                                                                                                                                                                0x001e124e
                                                                                                                                                                                0x001e1250
                                                                                                                                                                                0x001e125c
                                                                                                                                                                                0x001e1263
                                                                                                                                                                                0x001e126b
                                                                                                                                                                                0x001e126f
                                                                                                                                                                                0x001e126f
                                                                                                                                                                                0x001e1283
                                                                                                                                                                                0x001e128a
                                                                                                                                                                                0x001e1291
                                                                                                                                                                                0x001e12a1
                                                                                                                                                                                0x001e12b0
                                                                                                                                                                                0x001e12b3
                                                                                                                                                                                0x001e12b6
                                                                                                                                                                                0x001e12c9
                                                                                                                                                                                0x001e12b8
                                                                                                                                                                                0x001e12b9
                                                                                                                                                                                0x001e12c0
                                                                                                                                                                                0x001e12c0
                                                                                                                                                                                0x001e12d1
                                                                                                                                                                                0x001e12d2
                                                                                                                                                                                0x001e12d3
                                                                                                                                                                                0x001e12de

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcscpy$FileFindFirst_wcscat
                                                                                                                                                                                • String ID: .dll,$setup.exe
                                                                                                                                                                                • API String ID: 2931365424-1808119565
                                                                                                                                                                                • Opcode ID: 5ef3a3d29c10dbb4970a991ea48652114da8311594f7d42d0977881dc677ab08
                                                                                                                                                                                • Instruction ID: 90fcbf9a328cf6a74ef8ca6ae53dc8b215aaa17e4a2478e87ec483dd9e1850f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 5ef3a3d29c10dbb4970a991ea48652114da8311594f7d42d0977881dc677ab08
                                                                                                                                                                                • Instruction Fuzzy Hash: D911967210CA846BC724EB699C4999FB7DDEF88320F204A2FF269C3490DF31A5548756
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E1985, Relevance: 19.6, APIs: 13, Instructions: 142filetimeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                			E001E1985(signed int* __ecx, intOrPtr __edx, WCHAR* _a4, char _a8) {
				signed int _v8;
				short _v540;
				intOrPtr _v544;
				long _v548;
				struct _FILETIME _v556;
				intOrPtr _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				int _t36;
				intOrPtr _t39;
				int _t41;
				intOrPtr _t42;
				intOrPtr _t43;
				int _t49;
				WCHAR* _t51;
				int _t59;
				intOrPtr _t61;
				intOrPtr _t67;
				char* _t72;
				intOrPtr _t73;
				WCHAR* _t74;
				intOrPtr* _t76;
				signed int _t77;

				_t73 = __edx;
				_v8 =  *0x1e5000 ^ _t77;
				_t74 = _a4;
				_t76 = __ecx;
				if(_a8 != 0) {
					 *__ecx =  *__ecx & 0x00000000;
				}
				if(GetCurrentDirectoryW(0x104,  &_v540) != 0) {
					_t36 = SetCurrentDirectoryW(_t74); // executed
					if(_t36 == 0) {
						goto L3;
					} else {
						while(1) {
							_t39 =  *_t76;
							if(_t39 >=  *((intOrPtr*)(_t76 + 4))) {
								break;
							}
							_t67 =  *((intOrPtr*)(_t76 + 8));
							_t74 =  *(_t67 + _t39);
							_t42 = _t39 + 4;
							 *_t76 = _t42;
							_v548 = _t74;
							_t73 =  *((intOrPtr*)(_t42 + _t67));
							_t43 = _t42 + 4;
							_v560 = _t73;
							 *_t76 = _t43;
							if(_t73 == 2) {
								break;
							} else {
								if(_t73 == 0 &&  *((intOrPtr*)(_t76 + 0xc)) > 1) {
									_v544 = _t67 + _t43;
									_v544 = _v544 -  &_v556;
									do {
										_t72 = _t77 + _t73 - 0x228;
										_t73 = _t73 + 1;
										 *_t72 =  *((intOrPtr*)(_v544 + _t72));
									} while (_t73 < 8);
									 *_t76 = _t43 + 8;
								}
								_t61 =  *_t76;
								 *_t76 = _t61 + _t74;
								E001E17DD(_t76);
								_t74 =  *_t76 +  *((intOrPtr*)(_t76 + 8));
								 *_t76 =  *_t76 + E001E3CA2(_t74) + _t46 + 2;
								E001E17DD(_t76);
								if(_v560 != 1) {
									_t49 = DeleteFileW(_t74); // executed
									if(_t49 != 0 || GetLastError() == 2) {
										_t51 = CreateFileW(_t74, 0x40000000, 0, 0, 2, 0x80, 0); // executed
										_t74 = _t51;
										if(_t74 == 0xffffffff) {
											_t37 = 9;
										} else {
											WriteFile(_t74,  *((intOrPtr*)(_t76 + 8)) + _t61, _v548,  &_v548, 0); // executed
											if( *((intOrPtr*)(_t76 + 0xc)) > 1) {
												SetFileTime(_t74,  &_v556,  &_v556,  &_v556); // executed
											}
											FindCloseChangeNotification(_t74); // executed
											continue;
										}
									}
								} else {
									_t59 = CreateDirectoryW(_t74, 0); // executed
									if(_t59 != 0 || GetLastError() == 0xb7) {
										_t37 = E001E1985(_t76, _t73, _t74, 0); // executed
										if(_t37 == 0) {
											continue;
										} else {
										}
									}
								}
							}
							goto L26;
						}
						_t41 = SetCurrentDirectoryW( &_v540); // executed
						if(_t41 == 0) {
							goto L3;
						} else {
							_t37 = 0;
						}
					}
				} else {
					L3:
					_t37 = GetLastError();
				}
				L26:
				return E001E3BC5(_t37, _t61, _v8 ^ _t77, _t73, _t74, _t76);
			}



























                                                                                                                                                                                0x001e1985
                                                                                                                                                                                0x001e1995
                                                                                                                                                                                0x001e199f
                                                                                                                                                                                0x001e19a2
                                                                                                                                                                                0x001e19a4
                                                                                                                                                                                0x001e19a6
                                                                                                                                                                                0x001e19a6
                                                                                                                                                                                0x001e19bd
                                                                                                                                                                                0x001e19cb
                                                                                                                                                                                0x001e19d3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e19d5
                                                                                                                                                                                0x001e19d5
                                                                                                                                                                                0x001e19d5
                                                                                                                                                                                0x001e19da
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e19e0
                                                                                                                                                                                0x001e19e3
                                                                                                                                                                                0x001e19e6
                                                                                                                                                                                0x001e19e9
                                                                                                                                                                                0x001e19eb
                                                                                                                                                                                0x001e19f1
                                                                                                                                                                                0x001e19f4
                                                                                                                                                                                0x001e19f7
                                                                                                                                                                                0x001e19fd
                                                                                                                                                                                0x001e1a02
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1a08
                                                                                                                                                                                0x001e1a0a
                                                                                                                                                                                0x001e1a14
                                                                                                                                                                                0x001e1a20
                                                                                                                                                                                0x001e1a26
                                                                                                                                                                                0x001e1a2c
                                                                                                                                                                                0x001e1a36
                                                                                                                                                                                0x001e1a37
                                                                                                                                                                                0x001e1a39
                                                                                                                                                                                0x001e1a41
                                                                                                                                                                                0x001e1a41
                                                                                                                                                                                0x001e1a43
                                                                                                                                                                                0x001e1a48
                                                                                                                                                                                0x001e1a4a
                                                                                                                                                                                0x001e1a51
                                                                                                                                                                                0x001e1a5e
                                                                                                                                                                                0x001e1a61
                                                                                                                                                                                0x001e1a6d
                                                                                                                                                                                0x001e1aa5
                                                                                                                                                                                0x001e1aad
                                                                                                                                                                                0x001e1acc
                                                                                                                                                                                0x001e1ad2
                                                                                                                                                                                0x001e1ad7
                                                                                                                                                                                0x001e1b19
                                                                                                                                                                                0x001e1ad9
                                                                                                                                                                                0x001e1aef
                                                                                                                                                                                0x001e1af9
                                                                                                                                                                                0x001e1b05
                                                                                                                                                                                0x001e1b05
                                                                                                                                                                                0x001e1b0c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1b0c
                                                                                                                                                                                0x001e1ad7
                                                                                                                                                                                0x001e1a6f
                                                                                                                                                                                0x001e1a72
                                                                                                                                                                                0x001e1a7a
                                                                                                                                                                                0x001e1a92
                                                                                                                                                                                0x001e1a99
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1a9f
                                                                                                                                                                                0x001e1a99
                                                                                                                                                                                0x001e1a7a
                                                                                                                                                                                0x001e1a6d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1a02
                                                                                                                                                                                0x001e1b23
                                                                                                                                                                                0x001e1b2b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1b31
                                                                                                                                                                                0x001e1b31
                                                                                                                                                                                0x001e1b31
                                                                                                                                                                                0x001e1b2b
                                                                                                                                                                                0x001e19bf
                                                                                                                                                                                0x001e19bf
                                                                                                                                                                                0x001e19bf
                                                                                                                                                                                0x001e19bf
                                                                                                                                                                                0x001e1b33
                                                                                                                                                                                0x001e1b41

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,00000000), ref: 001E19B5
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 001E19BF
                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?), ref: 001E19CB
                                                                                                                                                                                • _wcslen.LIBCMT ref: 001E1A55
                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000), ref: 001E1A72
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 001E1A7C
                                                                                                                                                                                • DeleteFileW.KERNELBASE(?), ref: 001E1AA5
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 001E1AAF
                                                                                                                                                                                • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 001E1ACC
                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,?,?,?,00000000), ref: 001E1AEF
                                                                                                                                                                                • SetFileTime.KERNELBASE(00000000,?,?,?), ref: 001E1B05
                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 001E1B0C
                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?), ref: 001E1B23
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryFile$CurrentErrorLast$Create$ChangeCloseDeleteFindNotificationTimeWrite_wcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 113073435-0
                                                                                                                                                                                • Opcode ID: 256eee1920e9d91621d2d2e6638351c01d2b354bffa4302b57701b3ac0d690d0
                                                                                                                                                                                • Instruction ID: 267888307cbb3cab3d7158e1d6dbb5c785236d4d415f83e5de7adb52bc81d3b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 256eee1920e9d91621d2d2e6638351c01d2b354bffa4302b57701b3ac0d690d0
                                                                                                                                                                                • Instruction Fuzzy Hash: 6751BC31A00684AFD7209FA2DC88BBEB7F9EF55714F204469E586D7291E7309A81CF20
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E10D8, Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 111processCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 56%
                                                                                                                                                                                			E001E10D8(void* __ebx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t49;
				WCHAR* _t51;
				int _t57;
				long _t63;
				void* _t65;
				void* _t86;
				void* _t89;
				void* _t90;
				signed int _t91;
				void* _t93;

				_t86 = __edi;
				_t74 = __ebx;
				_t91 = _t93 - 0x80c;
				 *(_t91 + 0x808) =  *0x1e5000 ^ _t91;
				 *((intOrPtr*)(_t91 - 0x28)) =  *((intOrPtr*)(_t91 + 0x814));
				_push(_t91 - 0x80);
				 *(_t91 - 0x80) = 0x44;
				 *((intOrPtr*)(__edi + 0x1c))();
				E001E3C02(_t91 + 0x5fc, __edi + 0x44);
				E001E221A(_t91 + 0x5fc);
				_t85 = __ebx;
				if(E001E1718(L".dll,", __ebx) == 0xffffffff) {
					_t85 = __ebx;
					_t49 = E001E1718(L".msi", __ebx);
					_push( *((intOrPtr*)(_t91 - 0x28)));
					_push(__ebx);
					_push(_t91 + 0x5fc);
					_t51 = _t91 - 0x24;
					if(_t49 == 0xffffffff) {
						_push(L"\"%s%s\" %s");
					} else {
						_push(L"msiexec /i \"%s%s\" %s");
					}
					wsprintfW(_t51, ??);
				} else {
					_t65 = E001E109D(__edi);
					_push(_t91 + 0x3f0);
					_push(0);
					_push(0);
					_push(0x25 + (0 | _t65 != 0x00000000) * 4);
					_push(0);
					 *((intOrPtr*)(__edi + 0x20))();
					_t90 = _t91 + 0x3f0;
					E001E221A(_t90);
					wsprintfW(_t91 - 0x24, L"\"%srundll32.exe\"  \"%s%s\" %s", _t90, _t91 + 0x5fc, __ebx,  *((intOrPtr*)(_t91 - 0x28)));
				}
				_t57 = CreateProcessW(0, _t91 - 0x24, 0, 0, 0, 0, 0, _t86 + 0x44, _t91 - 0x80, _t91 - 0x3c); // executed
				_pop(_t89);
				if(_t57 != 0) {
					 *((intOrPtr*)(_t86 + 0x24))( *(_t91 - 0x3c), 0xffffffff);
					GetExitCodeProcess( *(_t91 - 0x3c), _t91 - 0x2c);
					 *((intOrPtr*)(_t86 + 0x2c))( *(_t91 - 0x3c));
					 *((intOrPtr*)(_t86 + 0x2c))( *((intOrPtr*)(_t91 - 0x38)));
					_t63 =  *(_t91 - 0x2c);
				} else {
					_t63 = 0xc;
				}
				return E001E3BC5(_t63, _t74,  *(_t91 + 0x808) ^ _t91, _t85, _t86, _t89);
			}














                                                                                                                                                                                0x001e10d8
                                                                                                                                                                                0x001e10d8
                                                                                                                                                                                0x001e10d9
                                                                                                                                                                                0x001e10ed
                                                                                                                                                                                0x001e10f9
                                                                                                                                                                                0x001e1100
                                                                                                                                                                                0x001e1101
                                                                                                                                                                                0x001e1108
                                                                                                                                                                                0x001e1116
                                                                                                                                                                                0x001e1123
                                                                                                                                                                                0x001e112d
                                                                                                                                                                                0x001e1137
                                                                                                                                                                                0x001e118f
                                                                                                                                                                                0x001e1191
                                                                                                                                                                                0x001e1196
                                                                                                                                                                                0x001e11a2
                                                                                                                                                                                0x001e11a3
                                                                                                                                                                                0x001e11a4
                                                                                                                                                                                0x001e11a7
                                                                                                                                                                                0x001e11b0
                                                                                                                                                                                0x001e11a9
                                                                                                                                                                                0x001e11a9
                                                                                                                                                                                0x001e11a9
                                                                                                                                                                                0x001e11b6
                                                                                                                                                                                0x001e1139
                                                                                                                                                                                0x001e113a
                                                                                                                                                                                0x001e114c
                                                                                                                                                                                0x001e114f
                                                                                                                                                                                0x001e1150
                                                                                                                                                                                0x001e1158
                                                                                                                                                                                0x001e1159
                                                                                                                                                                                0x001e115a
                                                                                                                                                                                0x001e115d
                                                                                                                                                                                0x001e1163
                                                                                                                                                                                0x001e117f
                                                                                                                                                                                0x001e1185
                                                                                                                                                                                0x001e11d7
                                                                                                                                                                                0x001e11dd
                                                                                                                                                                                0x001e11e0
                                                                                                                                                                                0x001e11ec
                                                                                                                                                                                0x001e11f6
                                                                                                                                                                                0x001e11fc
                                                                                                                                                                                0x001e1202
                                                                                                                                                                                0x001e1205
                                                                                                                                                                                0x001e11e2
                                                                                                                                                                                0x001e11e4
                                                                                                                                                                                0x001e11e4
                                                                                                                                                                                0x001e121c

                                                                                                                                                                                APIs
                                                                                                                                                                                • _wcscpy.LIBCMT ref: 001E1116
                                                                                                                                                                                  • Part of subcall function 001E221A: lstrlenW.KERNEL32(?,001E143E), ref: 001E221B
                                                                                                                                                                                  • Part of subcall function 001E221A: lstrcatW.KERNEL32(?,001E4238), ref: 001E222F
                                                                                                                                                                                • wsprintfW.USER32 ref: 001E117F
                                                                                                                                                                                • wsprintfW.USER32 ref: 001E11B6
                                                                                                                                                                                • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 001E11D7
                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE(?,?), ref: 001E11F6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Processwsprintf$CodeCreateExit_wcscpylstrcatlstrlen
                                                                                                                                                                                • String ID: "%s%s" %s$"%srundll32.exe" "%s%s" %s$.dll,$.msi$msiexec /i "%s%s" %s$setup.exe
                                                                                                                                                                                • API String ID: 1002973698-2298058916
                                                                                                                                                                                • Opcode ID: 0a14c1564fe0ad0978be2e604e1f64ef7142fa1751113c1177e606df80e8d58d
                                                                                                                                                                                • Instruction ID: 7854a44273dcd6acc19208ae0d9de801aaa3ad8926d305ad4de63b8bc06769bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 0a14c1564fe0ad0978be2e604e1f64ef7142fa1751113c1177e606df80e8d58d
                                                                                                                                                                                • Instruction Fuzzy Hash: 3B3152B190058EBBDB14EFA5DC45EEE7BBDFF08314F104225F616E6151DB30AA548BA0
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E15A7, Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 66 1e15a7-1e1605 call 1e1b83 call 1e1000 72 1e160b-1e161d call 1e154e 66->72 73 1e1715-1e1716 66->73 77 1e16e3-1e16f8 call 1e1889 RemoveDirectoryW 72->77 78 1e1623-1e162c 72->78 74 1e170f ExitProcess 73->74 87 1e16fe-1e170c call 1e17bc 77->87 80 1e162e 78->80 81 1e169a-1e16b3 call 1e14dc call 1e3ca2 78->81 83 1e1634-1e1646 call 1e3c6b 80->83 96 1e16c8-1e16d7 call 1e121f 81->96 97 1e16b5-1e16bf call 1e12e1 81->97 91 1e1648-1e165a call 1e3c6b 83->91 92 1e1689 83->92 87->73 99 1e170e 87->99 91->92 103 1e165c-1e166e call 1e3c6b 91->103 98 1e168d-1e1698 92->98 105 1e16dc-1e16e1 96->105 104 1e16c4-1e16c6 97->104 98->81 98->83 99->74 108 1e1684-1e1687 103->108 109 1e1670-1e1682 call 1e3c6b 103->109 104->105 105->77 105->87 108->98 109->98 109->108
                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                			_entry_() {
				void* _t36;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t51;
				void* _t52;
				void* _t53;
				char _t54;
				void* _t56;
				void* _t62;
				void* _t64;
				signed int _t65;
				void* _t66;
				signed int _t71;
				void* _t72;
				void* _t73;
				void* _t74;

				_t71 = _t72 - 0x9c0;
				_t73 = _t72 - 0xa3c;
				 *(_t71 + 0x9bc) =  *0x1e5000 ^ _t71;
				_t54 = 0;
				_t67 = _t71 - 0x78;
				 *((char*)(_t71 - 0x79)) = 0;
				 *((char*)(_t71 - 0x7a)) = 1;
				E001E1B83(_t71 - 0x78);
				 *((intOrPtr*)(_t71 + 0x1dc)) = 0;
				 *((intOrPtr*)(_t71 + 0x1e0)) = 0;
				 *((intOrPtr*)(_t71 + 0x1e4)) = 0;
				 *((intOrPtr*)(_t71 + 0x1e8)) = 3;
				 *((intOrPtr*)(_t71 + 0x1d8)) =  *((intOrPtr*)(_t71 - 0x3c))(0, _t62, _t66, _t53);
				_t36 = E001E1000(_t67, _t56, _t61, _t74); // executed
				if(_t36 != 0) {
					L19:
					_push(_t54);
					L18:
					ExitProcess(); // executed
				}
				_t64 = E001E154E(_t67, _t71 + 0x1ec);
				if(_t64 != 0) {
					L15:
					E001E1889(_t54, _t71 + 0x1dc, _t61, _t71 - 0x34, 1); // executed
					RemoveDirectoryW(_t71 - 0x34); // executed
					L16:
					E001E17BC(_t71 + 0x1dc);
					if( *((intOrPtr*)(_t71 - 0x79)) == _t54) {
						goto L19;
					}
					_push(_t64); // executed
					goto L18;
				}
				_t65 = 0;
				if( *((intOrPtr*)(_t71 + 0x1ec)) == 0) {
					L11:
					_t69 = E001E14DC(_t71 - 0x78, L"ExecuteFiles");
					_t46 = E001E3CA2(_t45);
					_t83 = _t46;
					if(_t46 == 0) {
						_t61 = L"setup.exe";
						_t48 = E001E121F(_t71 - 0x78, L"setup.exe", __eflags, _t71 + 0x1ec);
					} else {
						_t48 = E001E12E1(_t71 - 0x78, _t71 + 0x1ec, _t65, _t83, _t69); // executed
						_t54 = 0;
					}
					_t64 = _t48;
					if( *((intOrPtr*)(_t71 - 0x7a)) == _t54) {
						goto L16;
					} else {
						goto L15;
					}
				}
				_t70 = _t71 + 0x1ec;
				do {
					_t49 = E001E3C6B(_t70, L"/rt", 3);
					_t73 = _t73 + 0xc;
					if(_t49 == 0) {
						L9:
						 *((char*)(_t71 - 0x79)) = 1;
						goto L10;
					}
					_t50 = E001E3C6B(_t70, L"-rt", 3);
					_t73 = _t73 + 0xc;
					if(_t50 == 0) {
						goto L9;
					}
					_t51 = E001E3C6B(_t70, L"/nodel", 6);
					_t73 = _t73 + 0xc;
					if(_t51 == 0) {
						L8:
						 *((char*)(_t71 - 0x7a)) = _t54;
						goto L10;
					}
					_t52 = E001E3C6B(_t70, L"-nodel", 6);
					_t73 = _t73 + 0xc;
					if(_t52 != 0) {
						goto L10;
					}
					goto L8;
					L10:
					_t65 = _t65 + 1;
					_t70 = _t71 + 0x1ec + _t65 * 2;
				} while ( *((intOrPtr*)(_t71 + 0x1ec + _t65 * 2)) != _t54);
				goto L11;
			}





















                                                                                                                                                                                0x001e15a8
                                                                                                                                                                                0x001e15af
                                                                                                                                                                                0x001e15bc
                                                                                                                                                                                0x001e15c4
                                                                                                                                                                                0x001e15c7
                                                                                                                                                                                0x001e15ca
                                                                                                                                                                                0x001e15cd
                                                                                                                                                                                0x001e15d1
                                                                                                                                                                                0x001e15d7
                                                                                                                                                                                0x001e15dd
                                                                                                                                                                                0x001e15e3
                                                                                                                                                                                0x001e15e9
                                                                                                                                                                                0x001e15f6
                                                                                                                                                                                0x001e15fe
                                                                                                                                                                                0x001e1605
                                                                                                                                                                                0x001e1715
                                                                                                                                                                                0x001e1715
                                                                                                                                                                                0x001e170f
                                                                                                                                                                                0x001e170f
                                                                                                                                                                                0x001e170f
                                                                                                                                                                                0x001e1619
                                                                                                                                                                                0x001e161d
                                                                                                                                                                                0x001e16e3
                                                                                                                                                                                0x001e16ef
                                                                                                                                                                                0x001e16f8
                                                                                                                                                                                0x001e16fe
                                                                                                                                                                                0x001e1704
                                                                                                                                                                                0x001e170c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e170e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e170e
                                                                                                                                                                                0x001e1623
                                                                                                                                                                                0x001e162c
                                                                                                                                                                                0x001e169a
                                                                                                                                                                                0x001e16a8
                                                                                                                                                                                0x001e16ab
                                                                                                                                                                                0x001e16b1
                                                                                                                                                                                0x001e16b3
                                                                                                                                                                                0x001e16cf
                                                                                                                                                                                0x001e16d7
                                                                                                                                                                                0x001e16b5
                                                                                                                                                                                0x001e16bf
                                                                                                                                                                                0x001e16c4
                                                                                                                                                                                0x001e16c4
                                                                                                                                                                                0x001e16dc
                                                                                                                                                                                0x001e16e1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e16e1
                                                                                                                                                                                0x001e162e
                                                                                                                                                                                0x001e1634
                                                                                                                                                                                0x001e163c
                                                                                                                                                                                0x001e1641
                                                                                                                                                                                0x001e1646
                                                                                                                                                                                0x001e1689
                                                                                                                                                                                0x001e1689
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1689
                                                                                                                                                                                0x001e1650
                                                                                                                                                                                0x001e1655
                                                                                                                                                                                0x001e165a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1664
                                                                                                                                                                                0x001e1669
                                                                                                                                                                                0x001e166e
                                                                                                                                                                                0x001e1684
                                                                                                                                                                                0x001e1684
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1684
                                                                                                                                                                                0x001e1678
                                                                                                                                                                                0x001e167d
                                                                                                                                                                                0x001e1682
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e168d
                                                                                                                                                                                0x001e168d
                                                                                                                                                                                0x001e168e
                                                                                                                                                                                0x001e1695
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 001E1B83: LoadLibraryA.KERNEL32(Kernel32.dll,?,00000000), ref: 001E1B9F
                                                                                                                                                                                  • Part of subcall function 001E1B83: GetProcAddress.KERNEL32(00000000,?), ref: 001E1BF1
                                                                                                                                                                                  • Part of subcall function 001E1B83: LoadLibraryA.KERNELBASE(?,?,00000000), ref: 001E1C94
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 001E170F
                                                                                                                                                                                  • Part of subcall function 001E154E: _wcscpy.LIBCMT ref: 001E1581
                                                                                                                                                                                  • Part of subcall function 001E154E: _wcscat.LIBCMT ref: 001E158F
                                                                                                                                                                                  • Part of subcall function 001E154E: _wcscat.LIBCMT ref: 001E1599
                                                                                                                                                                                • _wcslen.LIBCMT ref: 001E16AB
                                                                                                                                                                                • RemoveDirectoryW.KERNELBASE(?,?,00000001,?), ref: 001E16F8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad_wcscat$AddressDirectoryExitProcProcessRemove_wcscpy_wcslen
                                                                                                                                                                                • String ID: -nodel$-rt$/nodel$/rt$ExecuteFiles$setup.exe
                                                                                                                                                                                • API String ID: 1851553072-3790594100
                                                                                                                                                                                • Opcode ID: df6af6802cce95b976d0be532ff272d7ae67cde7da3fea6002d204e9fe57f2e2
                                                                                                                                                                                • Instruction ID: ac9085c084f3b64baab8a68a7c9cc6d349ac1ea3855bc93683db1227aeaadb7a
                                                                                                                                                                                • Opcode Fuzzy Hash: df6af6802cce95b976d0be532ff272d7ae67cde7da3fea6002d204e9fe57f2e2
                                                                                                                                                                                • Instruction Fuzzy Hash: 4E41C271A00AC8ABDB30EFA6DC81BDD76A96F25300F150029FE05A7142EBB09B45CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E1889, Relevance: 13.6, APIs: 9, Instructions: 89fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 112 1e1889-1e18a7 113 1e18ac-1e18c0 GetCurrentDirectoryW 112->113 114 1e18a9 112->114 115 1e18cd-1e18d6 SetCurrentDirectoryW 113->115 116 1e18c2-1e18c8 GetLastError 113->116 114->113 115->116 118 1e18d8 115->118 117 1e1975-1e1982 call 1e3bc5 116->117 119 1e18d9-1e18de 118->119 121 1e1959-1e1968 SetCurrentDirectoryW 119->121 122 1e18e0-1e18f6 119->122 125 1e196a-1e1970 GetLastError 121->125 126 1e1972 121->126 122->121 124 1e18f8-1e18fa 122->124 127 1e18fc-1e1900 124->127 128 1e1907-1e1928 call 1e17dd call 1e3ca2 call 1e17dd 124->128 129 1e1974 125->129 126->129 127->128 130 1e1902-1e1905 127->130 137 1e192a-1e1936 call 1e1889 128->137 138 1e1941-1e194a DeleteFileW 128->138 129->117 130->128 137->129 143 1e1938-1e193f RemoveDirectoryW 137->143 138->119 139 1e194c-1e1955 GetLastError 138->139 139->119 142 1e1957 139->142 142->129 143->119
                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                			E001E1889(void* __ebx, signed int* __ecx, intOrPtr __edx, WCHAR* _a4, char _a8) {
				signed int _v8;
				short _v532;
				void* __edi;
				void* __esi;
				int _t19;
				intOrPtr _t22;
				int _t24;
				intOrPtr _t25;
				intOrPtr _t26;
				int _t31;
				void* _t34;
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t42;
				WCHAR* _t43;
				intOrPtr* _t45;
				signed int _t46;

				_t42 = __edx;
				_t34 = __ebx;
				_v8 =  *0x1e5000 ^ _t46;
				_t43 = _a4;
				_t45 = __ecx;
				if(_a8 != 0) {
					 *__ecx =  *__ecx & 0x00000000;
				}
				if(GetCurrentDirectoryW(0x104,  &_v532) != 0) {
					_t19 = SetCurrentDirectoryW(_t43); // executed
					if(_t19 == 0) {
						goto L3;
					}
					_push(_t34);
					while(1) {
						_t22 =  *_t45;
						if(_t22 >=  *((intOrPtr*)(_t45 + 4))) {
							break;
						}
						_t39 =  *((intOrPtr*)(_t45 + 8));
						_t42 =  *((intOrPtr*)(_t39 + _t22));
						_t25 = _t22 + 4;
						 *_t45 = _t25;
						_t35 =  *((intOrPtr*)(_t25 + _t39));
						_t26 = _t25 + 4;
						 *_t45 = _t26;
						if(_t35 == 2) {
							break;
						}
						if(_t35 == 0 &&  *((intOrPtr*)(_t45 + 0xc)) > 1) {
							 *_t45 = _t26 + 8;
						}
						 *_t45 =  *_t45 + _t42;
						E001E17DD(_t45);
						_t43 =  *_t45 +  *((intOrPtr*)(_t45 + 8));
						 *_t45 =  *_t45 + E001E3CA2(_t43) + _t28 + 2;
						E001E17DD(_t45);
						if(_t35 != 1) {
							_t31 = DeleteFileW(_t43); // executed
							if(_t31 != 0 || GetLastError() == 2) {
								continue;
							} else {
								goto L20;
							}
						} else {
							_t20 = E001E1889(_t35, _t45, _t42, _t43, 0); // executed
							if(_t20 != 0) {
								L20:
								_pop(_t34);
								goto L21;
							}
							RemoveDirectoryW(_t43); // executed
							continue;
						}
					}
					_t24 = SetCurrentDirectoryW( &_v532); // executed
					if(_t24 != 0) {
						_t20 = 0;
					} else {
						_t20 = GetLastError();
					}
					goto L20;
				} else {
					L3:
					_t20 = GetLastError();
					L21:
					return E001E3BC5(_t20, _t34, _v8 ^ _t46, _t42, _t43, _t45);
				}
			}




















                                                                                                                                                                                0x001e1889
                                                                                                                                                                                0x001e1889
                                                                                                                                                                                0x001e1899
                                                                                                                                                                                0x001e18a2
                                                                                                                                                                                0x001e18a5
                                                                                                                                                                                0x001e18a7
                                                                                                                                                                                0x001e18a9
                                                                                                                                                                                0x001e18a9
                                                                                                                                                                                0x001e18c0
                                                                                                                                                                                0x001e18ce
                                                                                                                                                                                0x001e18d6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e18d8
                                                                                                                                                                                0x001e18d9
                                                                                                                                                                                0x001e18d9
                                                                                                                                                                                0x001e18de
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e18e0
                                                                                                                                                                                0x001e18e3
                                                                                                                                                                                0x001e18e6
                                                                                                                                                                                0x001e18e9
                                                                                                                                                                                0x001e18eb
                                                                                                                                                                                0x001e18ee
                                                                                                                                                                                0x001e18f1
                                                                                                                                                                                0x001e18f6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e18fa
                                                                                                                                                                                0x001e1905
                                                                                                                                                                                0x001e1905
                                                                                                                                                                                0x001e1907
                                                                                                                                                                                0x001e1909
                                                                                                                                                                                0x001e1910
                                                                                                                                                                                0x001e191d
                                                                                                                                                                                0x001e1920
                                                                                                                                                                                0x001e1928
                                                                                                                                                                                0x001e1942
                                                                                                                                                                                0x001e194a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1957
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1957
                                                                                                                                                                                0x001e192a
                                                                                                                                                                                0x001e192f
                                                                                                                                                                                0x001e1936
                                                                                                                                                                                0x001e1974
                                                                                                                                                                                0x001e1974
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1974
                                                                                                                                                                                0x001e1939
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1939
                                                                                                                                                                                0x001e1928
                                                                                                                                                                                0x001e1960
                                                                                                                                                                                0x001e1968
                                                                                                                                                                                0x001e1972
                                                                                                                                                                                0x001e196a
                                                                                                                                                                                0x001e196a
                                                                                                                                                                                0x001e196a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e18c2
                                                                                                                                                                                0x001e18c2
                                                                                                                                                                                0x001e18c2
                                                                                                                                                                                0x001e1975
                                                                                                                                                                                0x001e1982
                                                                                                                                                                                0x001e1982

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,?), ref: 001E18B8
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 001E18C2
                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?), ref: 001E18CE
                                                                                                                                                                                • _wcslen.LIBCMT ref: 001E1914
                                                                                                                                                                                • RemoveDirectoryW.KERNELBASE(?,00000000), ref: 001E1939
                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,00000000), ref: 001E1942
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 001E194C
                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,00000000), ref: 001E1960
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 001E196A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Directory$CurrentErrorLast$DeleteFileRemove_wcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2019885757-0
                                                                                                                                                                                • Opcode ID: df533f9c8cecd13b6ac0dfaba32ca55f2e827207406d1a53b942cd5c1acd7920
                                                                                                                                                                                • Instruction ID: 4d48ac9d69c85c03d0e1650854f296cbfaf10a486ea05b6ba6318fcc550e13de
                                                                                                                                                                                • Opcode Fuzzy Hash: df533f9c8cecd13b6ac0dfaba32ca55f2e827207406d1a53b942cd5c1acd7920
                                                                                                                                                                                • Instruction Fuzzy Hash: 4831BF31600A85ABD734AF63D888BAE73E8BF51718B50082DE583D7551D730E980DB51
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E1B83, Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 413libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 165 1e1b83-1e1bab LoadLibraryA 166 1e2207-1e2219 call 1e3bc5 165->166 167 1e1bb1-1e1f4d GetProcAddress LoadLibraryA * 2 165->167 178 1e1f51-1e2204 167->178 178->166
                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                			E001E1B83(intOrPtr* __esi) {
				void* __ebx;
				void* __edi;
				_Unknown_base(*)()* _t356;
				struct HINSTANCE__* _t358;
				void* _t361;
				struct HINSTANCE__* _t372;
				void* _t392;
				void* _t400;
				struct HINSTANCE__* _t402;
				void* _t403;
				intOrPtr* _t404;
				signed int _t405;
				void* _t407;

				_t404 = __esi;
				_t405 = _t407 - 0x78;
				 *(_t405 + 0x74) =  *0x1e5000 ^ _t405;
				_t402 = LoadLibraryA("Kernel32.dll");
				if(_t402 != 0) {
					 *(_t405 - 0x24) = 0x47;
					 *((char*)(_t405 - 0x23)) = 0x65;
					 *((char*)(_t405 - 0x22)) = 0x74;
					 *((char*)(_t405 - 0x21)) = 0x50;
					 *((char*)(_t405 - 0x20)) = 0x72;
					 *((char*)(_t405 - 0x1f)) = 0x6f;
					 *((char*)(_t405 - 0x1e)) = 0x63;
					 *((char*)(_t405 - 0x1d)) = 0x41;
					 *((char*)(_t405 - 0x1c)) = 0x64;
					 *((char*)(_t405 - 0x1b)) = 0x64;
					 *((char*)(_t405 - 0x1a)) = 0x72;
					 *((char*)(_t405 - 0x19)) = 0x65;
					 *((char*)(_t405 - 0x18)) = 0x73;
					 *((char*)(_t405 - 0x17)) = 0x73;
					 *((char*)(_t405 - 0x16)) = 0;
					_t356 = GetProcAddress(_t402, _t405 - 0x24);
					 *(__esi + 4) = _t356;
					 *((char*)(_t405 + 0xc)) = 0x4c;
					 *((char*)(_t405 + 0xd)) = 0x6f;
					 *((char*)(_t405 + 0xe)) = 0x61;
					 *((char*)(_t405 + 0xf)) = 0x64;
					 *((char*)(_t405 + 0x10)) = 0x4c;
					 *((char*)(_t405 + 0x11)) = 0x69;
					 *((char*)(_t405 + 0x12)) = 0x62;
					 *((char*)(_t405 + 0x13)) = 0x72;
					 *((char*)(_t405 + 0x14)) = 0x61;
					 *((char*)(_t405 + 0x15)) = 0x72;
					 *((char*)(_t405 + 0x16)) = 0x79;
					 *((char*)(_t405 + 0x17)) = 0x41;
					 *((char*)(_t405 + 0x18)) = 0;
					 *__esi =  *_t356(_t402, _t405 + 0xc);
					 *(_t405 + 0x68) = 0x4f;
					 *((char*)(_t405 + 0x69)) = 0x4c;
					 *((char*)(_t405 + 0x6a)) = 0x45;
					 *((char*)(_t405 + 0x6b)) = 0x33;
					 *((char*)(_t405 + 0x6c)) = 0x32;
					 *((char*)(_t405 + 0x6d)) = 0x2e;
					 *((char*)(_t405 + 0x6e)) = 0x44;
					 *((char*)(_t405 + 0x6f)) = 0x4c;
					 *((char*)(_t405 + 0x70)) = 0x4c;
					 *((char*)(_t405 + 0x71)) = 0;
					 *((char*)(_t405 - 4)) = 0x43;
					 *((char*)(_t405 - 3)) = 0x6f;
					 *((char*)(_t405 - 2)) = 0x43;
					 *((char*)(_t405 - 1)) = 0x72;
					 *_t405 = 0x65;
					 *((char*)(_t405 + 1)) = 0x61;
					 *((char*)(_t405 + 2)) = 0x74;
					 *((char*)(_t405 + 3)) = 0x65;
					 *((char*)(_t405 + 4)) = 0x47;
					 *((char*)(_t405 + 5)) = 0x75;
					 *((char*)(_t405 + 6)) = 0x69;
					 *((char*)(_t405 + 7)) = 0x64;
					 *((char*)(_t405 + 8)) = 0;
					_t358 = LoadLibraryA(_t405 + 0x68); // executed
					_push(_t405 - 4);
					_push(_t358);
					 *((intOrPtr*)(__esi + 8)) =  *(__esi + 4)();
					 *((char*)(_t405 + 0x50)) = 0x55;
					 *((char*)(_t405 + 0x51)) = 0x73;
					 *((char*)(_t405 + 0x52)) = 0x65;
					 *((char*)(_t405 + 0x53)) = 0x72;
					 *((char*)(_t405 + 0x54)) = 0x33;
					 *((char*)(_t405 + 0x55)) = 0x32;
					 *((char*)(_t405 + 0x56)) = 0x2e;
					 *((char*)(_t405 + 0x57)) = 0x64;
					 *((char*)(_t405 + 0x58)) = 0x6c;
					 *((char*)(_t405 + 0x59)) = 0x6c;
					 *((char*)(_t405 + 0x5a)) = 0;
					 *((char*)(_t405 + 0x38)) = 0x4d;
					_push(_t405 + 0x50);
					 *((char*)(_t405 + 0x39)) = 0x65;
					 *((char*)(_t405 + 0x3a)) = 0x73;
					 *((char*)(_t405 + 0x3b)) = 0x73;
					 *((char*)(_t405 + 0x3c)) = 0x61;
					 *((char*)(_t405 + 0x3d)) = 0x67;
					 *((char*)(_t405 + 0x3e)) = 0x65;
					 *((char*)(_t405 + 0x3f)) = 0x42;
					 *((char*)(_t405 + 0x40)) = 0x6f;
					 *((char*)(_t405 + 0x41)) = 0x78;
					 *((char*)(_t405 + 0x42)) = 0x57;
					 *((char*)(_t405 + 0x43)) = 0;
					_t361 =  *__esi();
					_push(_t405 + 0x38);
					_push(_t361);
					 *((intOrPtr*)(__esi + 0xc)) =  *(__esi + 4)();
					_push(_t405 - 0x90);
					_push(_t402);
					 *((char*)(_t405 - 0x90)) = 0x43;
					 *((char*)(_t405 - 0x8f)) = 0x72;
					 *((char*)(_t405 - 0x8e)) = 0x65;
					 *((char*)(_t405 - 0x8d)) = 0x61;
					 *((char*)(_t405 - 0x8c)) = 0x74;
					 *((char*)(_t405 - 0x8b)) = 0x65;
					 *((char*)(_t405 - 0x8a)) = 0x44;
					 *((char*)(_t405 - 0x89)) = 0x69;
					 *((char*)(_t405 - 0x88)) = 0x72;
					 *((char*)(_t405 - 0x87)) = 0x65;
					 *((char*)(_t405 - 0x86)) = 0x63;
					 *((char*)(_t405 - 0x85)) = 0x74;
					 *((char*)(_t405 - 0x84)) = 0x6f;
					 *((char*)(_t405 - 0x83)) = 0x72;
					 *((char*)(_t405 - 0x82)) = 0x79;
					 *((char*)(_t405 - 0x81)) = 0x57;
					 *((char*)(_t405 - 0x80)) = 0;
					 *((intOrPtr*)(__esi + 0x10)) =  *(__esi + 4)();
					_push(_t405 - 0x14);
					_push(_t402);
					 *((char*)(_t405 - 0x14)) = 0x47;
					 *((char*)(_t405 - 0x13)) = 0x65;
					 *((char*)(_t405 - 0x12)) = 0x74;
					 *((char*)(_t405 - 0x11)) = 0x54;
					 *((char*)(_t405 - 0x10)) = 0x65;
					 *((char*)(_t405 - 0xf)) = 0x6d;
					 *((char*)(_t405 - 0xe)) = 0x70;
					 *((char*)(_t405 - 0xd)) = 0x50;
					 *((char*)(_t405 - 0xc)) = 0x61;
					 *((char*)(_t405 - 0xb)) = 0x74;
					 *((char*)(_t405 - 0xa)) = 0x68;
					 *((char*)(_t405 - 9)) = 0x57;
					 *((char*)(_t405 - 8)) = 0;
					 *((intOrPtr*)(__esi + 0x14)) =  *(__esi + 4)();
					 *((char*)(_t405 - 0xd4)) = 0x47;
					 *((char*)(_t405 - 0xd3)) = 0x65;
					 *((char*)(_t405 - 0xd2)) = 0x74;
					 *((char*)(_t405 - 0xd1)) = 0x53;
					 *((char*)(_t405 - 0xd0)) = 0x79;
					 *((char*)(_t405 - 0xcf)) = 0x73;
					 *((char*)(_t405 - 0xce)) = 0x74;
					 *((char*)(_t405 - 0xcd)) = 0x65;
					 *((char*)(_t405 - 0xcc)) = 0x6d;
					 *((char*)(_t405 - 0xcb)) = 0x57;
					 *((char*)(_t405 - 0xca)) = 0x6f;
					 *((char*)(_t405 - 0xc9)) = 0x77;
					 *((char*)(_t405 - 0xc8)) = 0x36;
					 *((char*)(_t405 - 0xc7)) = 0x34;
					 *((char*)(_t405 - 0xc6)) = 0x44;
					 *((char*)(_t405 - 0xc5)) = 0x69;
					 *((char*)(_t405 - 0xc4)) = 0x72;
					 *((char*)(_t405 - 0xc3)) = 0x65;
					 *((char*)(_t405 - 0xc2)) = 0x63;
					 *((char*)(_t405 - 0xc1)) = 0x74;
					 *((char*)(_t405 - 0xc0)) = 0x6f;
					 *((char*)(_t405 - 0xbf)) = 0x72;
					_push(_t405 - 0xd4);
					_push(_t402);
					 *((char*)(_t405 - 0xbe)) = 0x79;
					 *((char*)(_t405 - 0xbd)) = 0x57;
					 *((char*)(_t405 - 0xbc)) = 0;
					 *((intOrPtr*)(__esi + 0x18)) =  *(__esi + 4)();
					_push(_t405 - 0x54);
					_push(_t402);
					 *((char*)(_t405 - 0x54)) = 0x47;
					 *((char*)(_t405 - 0x53)) = 0x65;
					 *((char*)(_t405 - 0x52)) = 0x74;
					 *((char*)(_t405 - 0x51)) = 0x53;
					 *((char*)(_t405 - 0x50)) = 0x74;
					 *((char*)(_t405 - 0x4f)) = 0x61;
					 *((char*)(_t405 - 0x4e)) = 0x72;
					 *((char*)(_t405 - 0x4d)) = 0x74;
					 *((char*)(_t405 - 0x4c)) = 0x75;
					 *((char*)(_t405 - 0x4b)) = 0x70;
					 *((char*)(_t405 - 0x4a)) = 0x49;
					 *((char*)(_t405 - 0x49)) = 0x6e;
					 *((char*)(_t405 - 0x48)) = 0x66;
					 *((char*)(_t405 - 0x47)) = 0x6f;
					 *((char*)(_t405 - 0x46)) = 0x57;
					 *((char*)(_t405 - 0x45)) = 0;
					 *((intOrPtr*)(__esi + 0x1c)) =  *(__esi + 4)();
					 *(_t405 + 0x44) = 0x53;
					 *((char*)(_t405 + 0x45)) = 0x68;
					 *((char*)(_t405 + 0x46)) = 0x65;
					 *((char*)(_t405 + 0x47)) = 0x6c;
					 *((char*)(_t405 + 0x48)) = 0x6c;
					 *((char*)(_t405 + 0x49)) = 0x33;
					 *((char*)(_t405 + 0x4a)) = 0x32;
					 *((char*)(_t405 + 0x4b)) = 0x2e;
					 *((char*)(_t405 + 0x4c)) = 0x64;
					 *((char*)(_t405 + 0x4d)) = 0x6c;
					 *((char*)(_t405 + 0x4e)) = 0x6c;
					 *((char*)(_t405 + 0x4f)) = 0;
					 *((char*)(_t405 - 0x7c)) = 0x53;
					 *((char*)(_t405 - 0x7b)) = 0x48;
					 *((char*)(_t405 - 0x7a)) = 0x47;
					 *((char*)(_t405 - 0x79)) = 0x65;
					 *((char*)(_t405 - 0x78)) = 0x74;
					 *((char*)(_t405 - 0x77)) = 0x46;
					 *((char*)(_t405 - 0x76)) = 0x6f;
					 *((char*)(_t405 - 0x75)) = 0x6c;
					 *((char*)(_t405 - 0x74)) = 0x64;
					 *((char*)(_t405 - 0x73)) = 0x65;
					 *((char*)(_t405 - 0x72)) = 0x72;
					 *((char*)(_t405 - 0x71)) = 0x50;
					 *((char*)(_t405 - 0x70)) = 0x61;
					 *((char*)(_t405 - 0x6f)) = 0x74;
					 *((char*)(_t405 - 0x6e)) = 0x68;
					 *((char*)(_t405 - 0x6d)) = 0x57;
					 *((char*)(_t405 - 0x6c)) = 0;
					_t372 = LoadLibraryA(_t405 + 0x44); // executed
					_push(_t405 - 0x7c);
					_push(_t372);
					 *((intOrPtr*)(__esi + 0x20)) =  *(__esi + 4)();
					 *((char*)(_t405 - 0xb8)) = 0x57;
					 *((char*)(_t405 - 0xb7)) = 0x61;
					 *((char*)(_t405 - 0xb6)) = 0x69;
					 *((char*)(_t405 - 0xb5)) = 0x74;
					 *((char*)(_t405 - 0xb4)) = 0x46;
					 *((char*)(_t405 - 0xb3)) = 0x6f;
					 *((char*)(_t405 - 0xb2)) = 0x72;
					 *((char*)(_t405 - 0xb1)) = 0x53;
					 *((char*)(_t405 - 0xb0)) = 0x69;
					 *((char*)(_t405 - 0xaf)) = 0x6e;
					 *((char*)(_t405 - 0xae)) = 0x67;
					 *((char*)(_t405 - 0xad)) = 0x6c;
					 *((char*)(_t405 - 0xac)) = 0x65;
					 *((char*)(_t405 - 0xab)) = 0x4f;
					 *((char*)(_t405 - 0xaa)) = 0x62;
					_push(_t405 - 0xb8);
					_push(_t402);
					 *((char*)(_t405 - 0xa9)) = 0x6a;
					 *((char*)(_t405 - 0xa8)) = 0x65;
					 *((char*)(_t405 - 0xa7)) = 0x63;
					 *((char*)(_t405 - 0xa6)) = 0x74;
					 *((char*)(_t405 - 0xa5)) = 0;
					 *((intOrPtr*)(__esi + 0x24)) =  *(__esi + 4)();
					_push(_t405 - 0xa4);
					_push(_t402);
					 *((char*)(_t405 - 0xa4)) = 0x47;
					 *((char*)(_t405 - 0xa3)) = 0x65;
					 *((char*)(_t405 - 0xa2)) = 0x74;
					 *((char*)(_t405 - 0xa1)) = 0x45;
					 *((char*)(_t405 - 0xa0)) = 0x78;
					 *((char*)(_t405 - 0x9f)) = 0x69;
					 *((char*)(_t405 - 0x9e)) = 0x74;
					 *((char*)(_t405 - 0x9d)) = 0x43;
					 *((char*)(_t405 - 0x9c)) = 0x6f;
					 *((char*)(_t405 - 0x9b)) = 0x64;
					 *((char*)(_t405 - 0x9a)) = 0x65;
					 *((char*)(_t405 - 0x99)) = 0x50;
					 *((char*)(_t405 - 0x98)) = 0x72;
					 *((char*)(_t405 - 0x97)) = 0x6f;
					 *((char*)(_t405 - 0x96)) = 0x63;
					 *((char*)(_t405 - 0x95)) = 0x65;
					 *((char*)(_t405 - 0x94)) = 0x73;
					 *((char*)(_t405 - 0x93)) = 0x73;
					 *((char*)(_t405 - 0x92)) = 0;
					 *((intOrPtr*)(__esi + 0x28)) =  *(__esi + 4)();
					_push(_t405 + 0x2c);
					_push(_t402);
					 *((char*)(_t405 + 0x2c)) = 0x43;
					 *((char*)(_t405 + 0x2d)) = 0x6c;
					 *((char*)(_t405 + 0x2e)) = 0x6f;
					 *((char*)(_t405 + 0x2f)) = 0x73;
					 *((char*)(_t405 + 0x30)) = 0x65;
					 *((char*)(_t405 + 0x31)) = 0x48;
					 *((char*)(_t405 + 0x32)) = 0x61;
					 *((char*)(_t405 + 0x33)) = 0x6e;
					 *((char*)(_t405 + 0x34)) = 0x64;
					 *((char*)(_t405 + 0x35)) = 0x6c;
					 *((char*)(_t405 + 0x36)) = 0x65;
					 *((char*)(_t405 + 0x37)) = 0;
					 *((intOrPtr*)(__esi + 0x2c)) =  *(__esi + 4)();
					_push(_t405 - 0x34);
					_push(_t402);
					 *((char*)(_t405 - 0x34)) = 0x46;
					 *((char*)(_t405 - 0x33)) = 0x69;
					 *((char*)(_t405 - 0x32)) = 0x6e;
					 *((char*)(_t405 - 0x31)) = 0x64;
					 *((char*)(_t405 - 0x30)) = 0x46;
					 *((char*)(_t405 - 0x2f)) = 0x69;
					 *((char*)(_t405 - 0x2e)) = 0x72;
					 *((char*)(_t405 - 0x2d)) = 0x73;
					 *((char*)(_t405 - 0x2c)) = 0x74;
					 *((char*)(_t405 - 0x2b)) = 0x46;
					 *((char*)(_t405 - 0x2a)) = 0x69;
					 *((char*)(_t405 - 0x29)) = 0x6c;
					 *((char*)(_t405 - 0x28)) = 0x65;
					 *((char*)(_t405 - 0x27)) = 0x57;
					 *((char*)(_t405 - 0x26)) = 0;
					 *((intOrPtr*)(__esi + 0x30)) =  *(__esi + 4)();
					 *((char*)(_t405 + 0x5c)) = 0x46;
					 *((char*)(_t405 + 0x5d)) = 0x69;
					 *((char*)(_t405 + 0x5e)) = 0x6e;
					 *((char*)(_t405 + 0x5f)) = 0x64;
					 *((char*)(_t405 + 0x60)) = 0x43;
					 *((char*)(_t405 + 0x61)) = 0x6c;
					 *((char*)(_t405 + 0x62)) = 0x6f;
					 *((char*)(_t405 + 0x63)) = 0x73;
					 *((char*)(_t405 + 0x64)) = 0x65;
					 *((char*)(_t405 + 0x65)) = 0;
					_push(_t405 + 0x5c);
					_push(_t402);
					 *((intOrPtr*)(__esi + 0x34)) =  *(__esi + 4)();
					_push(_t405 - 0x44);
					_push(_t402);
					 *((char*)(_t405 - 0x44)) = 0x47;
					 *((char*)(_t405 - 0x43)) = 0x65;
					 *((char*)(_t405 - 0x42)) = 0x74;
					 *((char*)(_t405 - 0x41)) = 0x43;
					 *((char*)(_t405 - 0x40)) = 0x6f;
					 *((char*)(_t405 - 0x3f)) = 0x6d;
					 *((char*)(_t405 - 0x3e)) = 0x6d;
					 *((char*)(_t405 - 0x3d)) = 0x61;
					 *((char*)(_t405 - 0x3c)) = 0x6e;
					 *((char*)(_t405 - 0x3b)) = 0x64;
					 *((char*)(_t405 - 0x3a)) = 0x4c;
					 *((char*)(_t405 - 0x39)) = 0x69;
					 *((char*)(_t405 - 0x38)) = 0x6e;
					 *((char*)(_t405 - 0x37)) = 0x65;
					 *((char*)(_t405 - 0x36)) = 0x57;
					 *((char*)(_t405 - 0x35)) = 0;
					 *((intOrPtr*)(__esi + 0x38)) =  *(__esi + 4)();
					_push(_t405 - 0x68);
					_push(_t402);
					 *((char*)(_t405 - 0x68)) = 0x47;
					 *((char*)(_t405 - 0x67)) = 0x65;
					 *((char*)(_t405 - 0x66)) = 0x74;
					 *((char*)(_t405 - 0x65)) = 0x4d;
					 *((char*)(_t405 - 0x64)) = 0x6f;
					 *((char*)(_t405 - 0x63)) = 0x64;
					 *((char*)(_t405 - 0x62)) = 0x75;
					 *((char*)(_t405 - 0x61)) = 0x6c;
					 *((char*)(_t405 - 0x60)) = 0x65;
					 *((char*)(_t405 - 0x5f)) = 0x48;
					 *((char*)(_t405 - 0x5e)) = 0x61;
					 *((char*)(_t405 - 0x5d)) = 0x6e;
					 *((char*)(_t405 - 0x5c)) = 0x64;
					 *((char*)(_t405 - 0x5b)) = 0x6c;
					 *((char*)(_t405 - 0x5a)) = 0x65;
					 *((char*)(_t405 - 0x59)) = 0x57;
					 *((char*)(_t405 - 0x58)) = 0;
					 *((intOrPtr*)(__esi + 0x3c)) =  *(__esi + 4)();
					_push(_t405 + 0x1c);
					_push(_t402);
					 *((char*)(_t405 + 0x1c)) = 0x47;
					 *((char*)(_t405 + 0x1d)) = 0x65;
					 *((char*)(_t405 + 0x1e)) = 0x74;
					 *((char*)(_t405 + 0x1f)) = 0x4c;
					 *((char*)(_t405 + 0x20)) = 0x61;
					 *((char*)(_t405 + 0x21)) = 0x73;
					 *((char*)(_t405 + 0x22)) = 0x74;
					 *((char*)(_t405 + 0x23)) = 0x45;
					 *((char*)(_t405 + 0x24)) = 0x72;
					 *((char*)(_t405 + 0x25)) = 0x72;
					 *((char*)(_t405 + 0x26)) = 0x6f;
					 *((char*)(_t405 + 0x27)) = 0x72;
					 *((char*)(_t405 + 0x28)) = 0;
					 *((intOrPtr*)(__esi + 0x40)) =  *(__esi + 4)();
				}
				_pop(_t403);
				_pop(_t392);
				return E001E3BC5(_t404, _t392,  *(_t405 + 0x74) ^ _t405, _t400, _t403, _t404);
			}
















                                                                                                                                                                                0x001e1b83
                                                                                                                                                                                0x001e1b84
                                                                                                                                                                                0x001e1b95
                                                                                                                                                                                0x001e1ba5
                                                                                                                                                                                0x001e1bab
                                                                                                                                                                                0x001e1bb6
                                                                                                                                                                                0x001e1bba
                                                                                                                                                                                0x001e1bbe
                                                                                                                                                                                0x001e1bc2
                                                                                                                                                                                0x001e1bc6
                                                                                                                                                                                0x001e1bca
                                                                                                                                                                                0x001e1bce
                                                                                                                                                                                0x001e1bd2
                                                                                                                                                                                0x001e1bd6
                                                                                                                                                                                0x001e1bda
                                                                                                                                                                                0x001e1bde
                                                                                                                                                                                0x001e1be2
                                                                                                                                                                                0x001e1be6
                                                                                                                                                                                0x001e1bea
                                                                                                                                                                                0x001e1bee
                                                                                                                                                                                0x001e1bf1
                                                                                                                                                                                0x001e1bfc
                                                                                                                                                                                0x001e1bff
                                                                                                                                                                                0x001e1c03
                                                                                                                                                                                0x001e1c07
                                                                                                                                                                                0x001e1c0b
                                                                                                                                                                                0x001e1c0f
                                                                                                                                                                                0x001e1c13
                                                                                                                                                                                0x001e1c17
                                                                                                                                                                                0x001e1c1b
                                                                                                                                                                                0x001e1c1f
                                                                                                                                                                                0x001e1c23
                                                                                                                                                                                0x001e1c27
                                                                                                                                                                                0x001e1c2b
                                                                                                                                                                                0x001e1c2f
                                                                                                                                                                                0x001e1c38
                                                                                                                                                                                0x001e1c3a
                                                                                                                                                                                0x001e1c3e
                                                                                                                                                                                0x001e1c42
                                                                                                                                                                                0x001e1c46
                                                                                                                                                                                0x001e1c4a
                                                                                                                                                                                0x001e1c4e
                                                                                                                                                                                0x001e1c52
                                                                                                                                                                                0x001e1c56
                                                                                                                                                                                0x001e1c5a
                                                                                                                                                                                0x001e1c5e
                                                                                                                                                                                0x001e1c61
                                                                                                                                                                                0x001e1c65
                                                                                                                                                                                0x001e1c69
                                                                                                                                                                                0x001e1c6d
                                                                                                                                                                                0x001e1c71
                                                                                                                                                                                0x001e1c75
                                                                                                                                                                                0x001e1c79
                                                                                                                                                                                0x001e1c7d
                                                                                                                                                                                0x001e1c81
                                                                                                                                                                                0x001e1c85
                                                                                                                                                                                0x001e1c89
                                                                                                                                                                                0x001e1c8d
                                                                                                                                                                                0x001e1c91
                                                                                                                                                                                0x001e1c94
                                                                                                                                                                                0x001e1c99
                                                                                                                                                                                0x001e1c9a
                                                                                                                                                                                0x001e1c9e
                                                                                                                                                                                0x001e1ca1
                                                                                                                                                                                0x001e1ca5
                                                                                                                                                                                0x001e1ca9
                                                                                                                                                                                0x001e1cad
                                                                                                                                                                                0x001e1cb1
                                                                                                                                                                                0x001e1cb5
                                                                                                                                                                                0x001e1cb9
                                                                                                                                                                                0x001e1cbd
                                                                                                                                                                                0x001e1cc1
                                                                                                                                                                                0x001e1cc5
                                                                                                                                                                                0x001e1cc9
                                                                                                                                                                                0x001e1ccc
                                                                                                                                                                                0x001e1cd3
                                                                                                                                                                                0x001e1cd4
                                                                                                                                                                                0x001e1cd8
                                                                                                                                                                                0x001e1cdc
                                                                                                                                                                                0x001e1ce0
                                                                                                                                                                                0x001e1ce4
                                                                                                                                                                                0x001e1ce8
                                                                                                                                                                                0x001e1cec
                                                                                                                                                                                0x001e1cf0
                                                                                                                                                                                0x001e1cf4
                                                                                                                                                                                0x001e1cf8
                                                                                                                                                                                0x001e1cfc
                                                                                                                                                                                0x001e1cff
                                                                                                                                                                                0x001e1d04
                                                                                                                                                                                0x001e1d05
                                                                                                                                                                                0x001e1d09
                                                                                                                                                                                0x001e1d12
                                                                                                                                                                                0x001e1d13
                                                                                                                                                                                0x001e1d14
                                                                                                                                                                                0x001e1d1b
                                                                                                                                                                                0x001e1d22
                                                                                                                                                                                0x001e1d29
                                                                                                                                                                                0x001e1d30
                                                                                                                                                                                0x001e1d37
                                                                                                                                                                                0x001e1d3e
                                                                                                                                                                                0x001e1d45
                                                                                                                                                                                0x001e1d4c
                                                                                                                                                                                0x001e1d53
                                                                                                                                                                                0x001e1d5a
                                                                                                                                                                                0x001e1d61
                                                                                                                                                                                0x001e1d68
                                                                                                                                                                                0x001e1d6f
                                                                                                                                                                                0x001e1d76
                                                                                                                                                                                0x001e1d7d
                                                                                                                                                                                0x001e1d84
                                                                                                                                                                                0x001e1d8a
                                                                                                                                                                                0x001e1d90
                                                                                                                                                                                0x001e1d91
                                                                                                                                                                                0x001e1d92
                                                                                                                                                                                0x001e1d96
                                                                                                                                                                                0x001e1d9a
                                                                                                                                                                                0x001e1d9e
                                                                                                                                                                                0x001e1da2
                                                                                                                                                                                0x001e1da6
                                                                                                                                                                                0x001e1daa
                                                                                                                                                                                0x001e1dae
                                                                                                                                                                                0x001e1db2
                                                                                                                                                                                0x001e1db6
                                                                                                                                                                                0x001e1dba
                                                                                                                                                                                0x001e1dbe
                                                                                                                                                                                0x001e1dc2
                                                                                                                                                                                0x001e1dc8
                                                                                                                                                                                0x001e1dcb
                                                                                                                                                                                0x001e1dd2
                                                                                                                                                                                0x001e1dd9
                                                                                                                                                                                0x001e1de0
                                                                                                                                                                                0x001e1de7
                                                                                                                                                                                0x001e1dee
                                                                                                                                                                                0x001e1df5
                                                                                                                                                                                0x001e1dfc
                                                                                                                                                                                0x001e1e03
                                                                                                                                                                                0x001e1e0a
                                                                                                                                                                                0x001e1e11
                                                                                                                                                                                0x001e1e18
                                                                                                                                                                                0x001e1e1f
                                                                                                                                                                                0x001e1e26
                                                                                                                                                                                0x001e1e2d
                                                                                                                                                                                0x001e1e34
                                                                                                                                                                                0x001e1e3b
                                                                                                                                                                                0x001e1e42
                                                                                                                                                                                0x001e1e49
                                                                                                                                                                                0x001e1e50
                                                                                                                                                                                0x001e1e57
                                                                                                                                                                                0x001e1e5e
                                                                                                                                                                                0x001e1e6b
                                                                                                                                                                                0x001e1e6c
                                                                                                                                                                                0x001e1e6d
                                                                                                                                                                                0x001e1e74
                                                                                                                                                                                0x001e1e7b
                                                                                                                                                                                0x001e1e84
                                                                                                                                                                                0x001e1e8a
                                                                                                                                                                                0x001e1e8b
                                                                                                                                                                                0x001e1e8c
                                                                                                                                                                                0x001e1e90
                                                                                                                                                                                0x001e1e94
                                                                                                                                                                                0x001e1e98
                                                                                                                                                                                0x001e1e9c
                                                                                                                                                                                0x001e1ea0
                                                                                                                                                                                0x001e1ea4
                                                                                                                                                                                0x001e1ea8
                                                                                                                                                                                0x001e1eac
                                                                                                                                                                                0x001e1eb0
                                                                                                                                                                                0x001e1eb4
                                                                                                                                                                                0x001e1eb8
                                                                                                                                                                                0x001e1ebc
                                                                                                                                                                                0x001e1ec0
                                                                                                                                                                                0x001e1ec4
                                                                                                                                                                                0x001e1ec8
                                                                                                                                                                                0x001e1ece
                                                                                                                                                                                0x001e1ed5
                                                                                                                                                                                0x001e1ed9
                                                                                                                                                                                0x001e1edd
                                                                                                                                                                                0x001e1ee1
                                                                                                                                                                                0x001e1ee5
                                                                                                                                                                                0x001e1ee9
                                                                                                                                                                                0x001e1eed
                                                                                                                                                                                0x001e1ef1
                                                                                                                                                                                0x001e1ef5
                                                                                                                                                                                0x001e1ef9
                                                                                                                                                                                0x001e1efd
                                                                                                                                                                                0x001e1f01
                                                                                                                                                                                0x001e1f04
                                                                                                                                                                                0x001e1f08
                                                                                                                                                                                0x001e1f0c
                                                                                                                                                                                0x001e1f10
                                                                                                                                                                                0x001e1f14
                                                                                                                                                                                0x001e1f18
                                                                                                                                                                                0x001e1f1c
                                                                                                                                                                                0x001e1f20
                                                                                                                                                                                0x001e1f24
                                                                                                                                                                                0x001e1f28
                                                                                                                                                                                0x001e1f2c
                                                                                                                                                                                0x001e1f30
                                                                                                                                                                                0x001e1f34
                                                                                                                                                                                0x001e1f38
                                                                                                                                                                                0x001e1f3c
                                                                                                                                                                                0x001e1f40
                                                                                                                                                                                0x001e1f44
                                                                                                                                                                                0x001e1f47
                                                                                                                                                                                0x001e1f4c
                                                                                                                                                                                0x001e1f4d
                                                                                                                                                                                0x001e1f51
                                                                                                                                                                                0x001e1f54
                                                                                                                                                                                0x001e1f5b
                                                                                                                                                                                0x001e1f62
                                                                                                                                                                                0x001e1f69
                                                                                                                                                                                0x001e1f70
                                                                                                                                                                                0x001e1f77
                                                                                                                                                                                0x001e1f7e
                                                                                                                                                                                0x001e1f85
                                                                                                                                                                                0x001e1f8c
                                                                                                                                                                                0x001e1f93
                                                                                                                                                                                0x001e1f9a
                                                                                                                                                                                0x001e1fa1
                                                                                                                                                                                0x001e1fa8
                                                                                                                                                                                0x001e1faf
                                                                                                                                                                                0x001e1fb6
                                                                                                                                                                                0x001e1fc3
                                                                                                                                                                                0x001e1fc4
                                                                                                                                                                                0x001e1fc5
                                                                                                                                                                                0x001e1fcc
                                                                                                                                                                                0x001e1fd3
                                                                                                                                                                                0x001e1fda
                                                                                                                                                                                0x001e1fe1
                                                                                                                                                                                0x001e1fea
                                                                                                                                                                                0x001e1ff3
                                                                                                                                                                                0x001e1ff4
                                                                                                                                                                                0x001e1ff5
                                                                                                                                                                                0x001e1ffc
                                                                                                                                                                                0x001e2003
                                                                                                                                                                                0x001e200a
                                                                                                                                                                                0x001e2011
                                                                                                                                                                                0x001e2018
                                                                                                                                                                                0x001e201f
                                                                                                                                                                                0x001e2026
                                                                                                                                                                                0x001e202d
                                                                                                                                                                                0x001e2034
                                                                                                                                                                                0x001e203b
                                                                                                                                                                                0x001e2042
                                                                                                                                                                                0x001e2049
                                                                                                                                                                                0x001e2050
                                                                                                                                                                                0x001e2057
                                                                                                                                                                                0x001e205e
                                                                                                                                                                                0x001e2065
                                                                                                                                                                                0x001e206c
                                                                                                                                                                                0x001e2073
                                                                                                                                                                                0x001e207c
                                                                                                                                                                                0x001e2082
                                                                                                                                                                                0x001e2083
                                                                                                                                                                                0x001e2084
                                                                                                                                                                                0x001e2088
                                                                                                                                                                                0x001e208c
                                                                                                                                                                                0x001e2090
                                                                                                                                                                                0x001e2094
                                                                                                                                                                                0x001e2098
                                                                                                                                                                                0x001e209c
                                                                                                                                                                                0x001e20a0
                                                                                                                                                                                0x001e20a4
                                                                                                                                                                                0x001e20a8
                                                                                                                                                                                0x001e20ac
                                                                                                                                                                                0x001e20b0
                                                                                                                                                                                0x001e20b6
                                                                                                                                                                                0x001e20bc
                                                                                                                                                                                0x001e20bd
                                                                                                                                                                                0x001e20be
                                                                                                                                                                                0x001e20c2
                                                                                                                                                                                0x001e20c6
                                                                                                                                                                                0x001e20ca
                                                                                                                                                                                0x001e20ce
                                                                                                                                                                                0x001e20d2
                                                                                                                                                                                0x001e20d6
                                                                                                                                                                                0x001e20da
                                                                                                                                                                                0x001e20de
                                                                                                                                                                                0x001e20e2
                                                                                                                                                                                0x001e20e6
                                                                                                                                                                                0x001e20ea
                                                                                                                                                                                0x001e20ee
                                                                                                                                                                                0x001e20f2
                                                                                                                                                                                0x001e20f6
                                                                                                                                                                                0x001e20fc
                                                                                                                                                                                0x001e20ff
                                                                                                                                                                                0x001e2103
                                                                                                                                                                                0x001e2107
                                                                                                                                                                                0x001e210b
                                                                                                                                                                                0x001e210f
                                                                                                                                                                                0x001e2113
                                                                                                                                                                                0x001e2117
                                                                                                                                                                                0x001e211b
                                                                                                                                                                                0x001e211f
                                                                                                                                                                                0x001e2123
                                                                                                                                                                                0x001e2129
                                                                                                                                                                                0x001e212a
                                                                                                                                                                                0x001e212e
                                                                                                                                                                                0x001e2134
                                                                                                                                                                                0x001e2135
                                                                                                                                                                                0x001e2136
                                                                                                                                                                                0x001e213a
                                                                                                                                                                                0x001e213e
                                                                                                                                                                                0x001e2142
                                                                                                                                                                                0x001e2146
                                                                                                                                                                                0x001e214a
                                                                                                                                                                                0x001e214e
                                                                                                                                                                                0x001e2152
                                                                                                                                                                                0x001e2156
                                                                                                                                                                                0x001e215a
                                                                                                                                                                                0x001e215e
                                                                                                                                                                                0x001e2162
                                                                                                                                                                                0x001e2166
                                                                                                                                                                                0x001e216a
                                                                                                                                                                                0x001e216e
                                                                                                                                                                                0x001e2172
                                                                                                                                                                                0x001e2178
                                                                                                                                                                                0x001e217e
                                                                                                                                                                                0x001e217f
                                                                                                                                                                                0x001e2180
                                                                                                                                                                                0x001e2184
                                                                                                                                                                                0x001e2188
                                                                                                                                                                                0x001e218c
                                                                                                                                                                                0x001e2190
                                                                                                                                                                                0x001e2194
                                                                                                                                                                                0x001e2198
                                                                                                                                                                                0x001e219c
                                                                                                                                                                                0x001e21a0
                                                                                                                                                                                0x001e21a4
                                                                                                                                                                                0x001e21a8
                                                                                                                                                                                0x001e21ac
                                                                                                                                                                                0x001e21b0
                                                                                                                                                                                0x001e21b4
                                                                                                                                                                                0x001e21b8
                                                                                                                                                                                0x001e21bc
                                                                                                                                                                                0x001e21c0
                                                                                                                                                                                0x001e21c6
                                                                                                                                                                                0x001e21cc
                                                                                                                                                                                0x001e21cd
                                                                                                                                                                                0x001e21ce
                                                                                                                                                                                0x001e21d2
                                                                                                                                                                                0x001e21d6
                                                                                                                                                                                0x001e21da
                                                                                                                                                                                0x001e21de
                                                                                                                                                                                0x001e21e2
                                                                                                                                                                                0x001e21e6
                                                                                                                                                                                0x001e21ea
                                                                                                                                                                                0x001e21ee
                                                                                                                                                                                0x001e21f2
                                                                                                                                                                                0x001e21f6
                                                                                                                                                                                0x001e21fa
                                                                                                                                                                                0x001e21fe
                                                                                                                                                                                0x001e2204
                                                                                                                                                                                0x001e2204
                                                                                                                                                                                0x001e220a
                                                                                                                                                                                0x001e220f
                                                                                                                                                                                0x001e2219

                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll,?,00000000), ref: 001E1B9F
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 001E1BF1
                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000), ref: 001E1C94
                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000), ref: 001E1F47
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$AddressProc
                                                                                                                                                                                • String ID: Kernel32.dll
                                                                                                                                                                                • API String ID: 1469910268-1926710522
                                                                                                                                                                                • Opcode ID: 8b093ccd3a70a3505028f639ecad4ce996aba567ceddde59dbc83c88a375b0c1
                                                                                                                                                                                • Instruction ID: f30ddba04c8ba4aefde870fb11c130dd7dc14f2657eb5e77707bcb162debd7de
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b093ccd3a70a3505028f639ecad4ce996aba567ceddde59dbc83c88a375b0c1
                                                                                                                                                                                • Instruction Fuzzy Hash: 3E42771080C7D8DDEB12CB68C9487DEBFE51F22748F0841C995986A292C7FF5A58CB76
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E1372, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 187 1e1372-1e138c 188 1e1396-1e13a4 187->188 189 1e13aa-1e13b9 188->189 190 1e14c7-1e14db call 1e3bc5 188->190 194 1e13bb-1e13fb 189->194 195 1e1402-1e142b 189->195 194->195 195->190 197 1e1431-1e14b4 call 1e221a wsprintfW CreateDirectoryW 195->197 197->190 200 1e14b6-1e14c1 197->200 200->188 200->190
                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                			E001E1372(intOrPtr __edx, intOrPtr __edi) {
				signed int _v8;
				char _v540;
				signed char _v541;
				signed char _v542;
				signed char _v543;
				signed char _v544;
				signed char _v545;
				signed char _v546;
				signed char _v547;
				signed char _v548;
				signed short _v550;
				signed short _v552;
				char _v556;
				signed char _v560;
				void* __ebx;
				void* __esi;
				intOrPtr _t72;
				intOrPtr _t73;
				WCHAR* _t74;
				signed int _t76;
				void* _t77;

				_t73 = __edi;
				_t72 = __edx;
				_v8 =  *0x1e5000 ^ _t76;
				_t69 = 0xb7;
				_v560 = 5;
				while(1) {
					_v560 = _v560 - 1;
					if(_v560 == 0) {
						break;
					}
					_t69 = 3;
					_push( &_v556); // executed
					if( *((intOrPtr*)(_t73 + 8))() != 0) {
						_v556 = 0x1df14869;
						_v548 = 0x87;
						_v547 = 0x2f;
						_v546 = 0x49;
						_v545 = 0x3a;
						_v544 = 0xe;
						_v543 = _v560;
						_v542 = 0xdb;
						_v541 = 0x17;
					}
					_v552 = 0xbab0;
					_v550 = 0x7891;
					_push( &_v540);
					_push(0x104);
					if( *((intOrPtr*)(_t73 + 0x14))() != 0) {
						_t69 = 0;
						E001E221A( &_v540);
						_t74 = _t73 + 0x44;
						wsprintfW(_t74, L"%s%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\\",  &_v540, _v556, _v552 & 0x0000ffff, _v550 & 0x0000ffff, _v548 & 0x000000ff, _v547 & 0x000000ff, _v546 & 0x000000ff, _v545 & 0x000000ff, _v544 & 0x000000ff, _v543 & 0x000000ff, _v542 & 0x000000ff, _v541 & 0x000000ff);
						_t77 = _t77 + 0x38;
						if(CreateDirectoryW(_t74, 0) == 0) {
							_t69 =  *((intOrPtr*)(_t73 + 0x40))();
							if(_t67 == 0xb7) {
								continue;
							}
						}
					}
					break;
				}
				return E001E3BC5(0 | _t69 == 0x00000000, _t69, _v8 ^ _t76, _t72, _t73, _t74);
			}
























                                                                                                                                                                                0x001e1372
                                                                                                                                                                                0x001e1372
                                                                                                                                                                                0x001e1382
                                                                                                                                                                                0x001e1387
                                                                                                                                                                                0x001e138c
                                                                                                                                                                                0x001e1396
                                                                                                                                                                                0x001e139c
                                                                                                                                                                                0x001e13a4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e13ac
                                                                                                                                                                                0x001e13b3
                                                                                                                                                                                0x001e13b9
                                                                                                                                                                                0x001e13c1
                                                                                                                                                                                0x001e13cb
                                                                                                                                                                                0x001e13d2
                                                                                                                                                                                0x001e13d9
                                                                                                                                                                                0x001e13e0
                                                                                                                                                                                0x001e13e7
                                                                                                                                                                                0x001e13ee
                                                                                                                                                                                0x001e13f4
                                                                                                                                                                                0x001e13fb
                                                                                                                                                                                0x001e13fb
                                                                                                                                                                                0x001e1407
                                                                                                                                                                                0x001e1413
                                                                                                                                                                                0x001e1420
                                                                                                                                                                                0x001e1421
                                                                                                                                                                                0x001e142b
                                                                                                                                                                                0x001e1437
                                                                                                                                                                                0x001e1439
                                                                                                                                                                                0x001e149b
                                                                                                                                                                                0x001e14a4
                                                                                                                                                                                0x001e14aa
                                                                                                                                                                                0x001e14b4
                                                                                                                                                                                0x001e14b9
                                                                                                                                                                                0x001e14c1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e14c1
                                                                                                                                                                                0x001e14b4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e142b
                                                                                                                                                                                0x001e14db

                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfW.USER32 ref: 001E14A4
                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000), ref: 001E14AF
                                                                                                                                                                                Strings
                                                                                                                                                                                • %s%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\, xrefs: 001E149E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectorywsprintf
                                                                                                                                                                                • String ID: %s%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\
                                                                                                                                                                                • API String ID: 2146621440-1982538544
                                                                                                                                                                                • Opcode ID: f3b3eef05adcc59169118e7b325f69ed2db7970320a03c3089e7a88067cdc87f
                                                                                                                                                                                • Instruction ID: 31593f698201257d25567717bc85240f7e818b0015b73e46bbca7755c66f1e47
                                                                                                                                                                                • Opcode Fuzzy Hash: f3b3eef05adcc59169118e7b325f69ed2db7970320a03c3089e7a88067cdc87f
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A3183719452ACAEDB218BB69C4CBEEBBB86F29301F0400D5E558A6181C7389F84CF61
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E1000, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 202 1e1000-1e1013 call 1e1372 205 1e101c-1e1032 FindResourceW 202->205 206 1e1015-1e101a 202->206 208 1e104a 205->208 209 1e1034-1e1048 call 1e1b44 205->209 207 1e1097-1e109c 206->207 211 1e104f-1e1051 208->211 209->211 213 1e105a-1e1073 call 1e17f0 211->213 214 1e1053-1e1058 211->214 217 1e1075-1e107f call 1e17bc 213->217 218 1e1081-1e1089 call 1e1985 213->218 214->207 217->207 221 1e108e-1e1092 218->221 221->207
                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                			E001E1000(intOrPtr __eax, void* __ecx, intOrPtr __edx, void* __eflags) {
				char _v8;
				char _v12;
				void* __edi;
				void* __esi;
				void* _t8;
				void* _t10;
				void* _t12;
				signed int _t13;
				signed int _t15;
				intOrPtr _t24;

				_t22 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t24 = __eax; // executed
				_t8 = E001E1372(__edx, __eax); // executed
				if(_t8 != 0) {
					_t28 =  *(_t24 + 0x250);
					if(FindResourceW( *(_t24 + 0x250), L"Files", 0xa) == 0) {
						_t10 = 0x716;
					} else {
						_t10 = E001E1B44(_t28,  &_v8,  &_v12, _t9);
					}
					if(_t10 == 0) {
						_t29 = _t24 + 0x254;
						 *(_t24 + 0x254) =  *(_t24 + 0x254) & 0x00000000;
						_t12 = E001E17F0(_v8,  &_v12, _t29); // executed
						if(_t12 == 0) {
							_t13 = E001E1985(_t29, _t22, _t24 + 0x44, 1); // executed
							asm("sbb eax, eax");
							_t15 =  ~_t13 & 0xffffe131;
						} else {
							E001E17BC(_t29);
							_t15 = 0xffffe130;
						}
					} else {
						_t15 = 0xffffe12f;
					}
				} else {
					_t15 = 0xffffe12e;
				}
				return _t15;
			}













                                                                                                                                                                                0x001e1000
                                                                                                                                                                                0x001e1006
                                                                                                                                                                                0x001e1007
                                                                                                                                                                                0x001e100a
                                                                                                                                                                                0x001e100c
                                                                                                                                                                                0x001e1013
                                                                                                                                                                                0x001e101c
                                                                                                                                                                                0x001e1032
                                                                                                                                                                                0x001e104a
                                                                                                                                                                                0x001e1034
                                                                                                                                                                                0x001e1040
                                                                                                                                                                                0x001e1045
                                                                                                                                                                                0x001e1051
                                                                                                                                                                                0x001e105e
                                                                                                                                                                                0x001e1064
                                                                                                                                                                                0x001e106c
                                                                                                                                                                                0x001e1073
                                                                                                                                                                                0x001e1089
                                                                                                                                                                                0x001e1090
                                                                                                                                                                                0x001e1092
                                                                                                                                                                                0x001e1075
                                                                                                                                                                                0x001e1075
                                                                                                                                                                                0x001e107a
                                                                                                                                                                                0x001e107a
                                                                                                                                                                                0x001e1053
                                                                                                                                                                                0x001e1053
                                                                                                                                                                                0x001e1053
                                                                                                                                                                                0x001e1015
                                                                                                                                                                                0x001e1015
                                                                                                                                                                                0x001e1015
                                                                                                                                                                                0x001e109c

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 001E1372: wsprintfW.USER32 ref: 001E14A4
                                                                                                                                                                                  • Part of subcall function 001E1372: CreateDirectoryW.KERNELBASE(?,00000000), ref: 001E14AF
                                                                                                                                                                                • FindResourceW.KERNEL32(?,Files,0000000A,?,?,?,?,?,001E1603), ref: 001E102A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectoryFindResourcewsprintf
                                                                                                                                                                                • String ID: Files
                                                                                                                                                                                • API String ID: 975690600-3354685277
                                                                                                                                                                                • Opcode ID: 13cfcee5faed0f61d13fed5f797cce4002056d40db27619bc455347151ef99f1
                                                                                                                                                                                • Instruction ID: 29c9eec88e0c580e71223d067ae66896ee1d80e1d67ee9a9d772d552006a808e
                                                                                                                                                                                • Opcode Fuzzy Hash: 13cfcee5faed0f61d13fed5f797cce4002056d40db27619bc455347151ef99f1
                                                                                                                                                                                • Instruction Fuzzy Hash: D301D272A44EC17BD710663B8C02AEFB39DAFA1711F044229B916D71C0EB74E98486A6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E12E1, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 223 1e12e1-1e131f call 1e3c21 226 1e135d-1e136f call 1e3bc5 223->226 227 1e1321-1e1327 223->227 229 1e1334-1e1338 227->229 231 1e133a-1e1342 229->231 232 1e1329-1e132d 229->232 233 1e134a-1e1350 call 1e121f 231->233 234 1e1344-1e1349 231->234 232->231 235 1e132f-1e1330 232->235 237 1e1355-1e135b 233->237 234->233 235->229 237->226 237->227
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E001E12E1(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				intOrPtr _v544;
				void* __esi;
				short* _t27;
				short* _t28;
				intOrPtr _t29;
				short* _t35;
				intOrPtr _t36;
				signed int _t38;
				intOrPtr _t39;
				signed int _t40;
				signed int _t42;
				signed int _t43;
				signed int _t48;

				_t36 = __edi;
				_t29 = __ebx;
				_t42 = (_t40 & 0xfffffff8) - 0x21c;
				_v8 =  *0x1e5000 ^ _t42;
				_v544 = __ecx;
				E001E3C21( &_v540, _a4, 0x104);
				_t25 = 0;
				_t43 = _t42 + 0xc;
				_t38 = 0;
				if(_v540 != 0) {
					do {
						_t27 = _t43 + 8 + _t38 * 2;
						_t35 = _t27;
						while( *_t27 != 0) {
							__eflags =  *_t27 - 0x3b;
							if(__eflags != 0) {
								_t38 = _t38 + 1;
								__eflags = _t38;
								_t27 = _t43 + 8 + _t38 * 2;
								continue;
							}
							goto L5;
						}
						L5:
						_t28 = _t43 + 8 + _t38 * 2;
						if( *_t28 == 0x3b) {
							 *_t28 = 0;
							_t38 = _t38 + 1;
							_t48 = _t38;
						}
						_t25 = E001E121F(_t29, _t35, _t48, _v544); // executed
					} while ( *((short*)(_t43 + 8 + _t38 * 2)) != 0);
				}
				_pop(_t39);
				return E001E3BC5(_t25, _t29, _v8 ^ _t43, _t35, _t36, _t39);
			}


















                                                                                                                                                                                0x001e12e1
                                                                                                                                                                                0x001e12e1
                                                                                                                                                                                0x001e12e7
                                                                                                                                                                                0x001e12f4
                                                                                                                                                                                0x001e130a
                                                                                                                                                                                0x001e130e
                                                                                                                                                                                0x001e1313
                                                                                                                                                                                0x001e1315
                                                                                                                                                                                0x001e1318
                                                                                                                                                                                0x001e131f
                                                                                                                                                                                0x001e1321
                                                                                                                                                                                0x001e1321
                                                                                                                                                                                0x001e1325
                                                                                                                                                                                0x001e1334
                                                                                                                                                                                0x001e1329
                                                                                                                                                                                0x001e132d
                                                                                                                                                                                0x001e132f
                                                                                                                                                                                0x001e132f
                                                                                                                                                                                0x001e1330
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1330
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e132d
                                                                                                                                                                                0x001e133a
                                                                                                                                                                                0x001e133a
                                                                                                                                                                                0x001e1342
                                                                                                                                                                                0x001e1346
                                                                                                                                                                                0x001e1349
                                                                                                                                                                                0x001e1349
                                                                                                                                                                                0x001e1349
                                                                                                                                                                                0x001e1350
                                                                                                                                                                                0x001e1355
                                                                                                                                                                                0x001e1321
                                                                                                                                                                                0x001e1364
                                                                                                                                                                                0x001e136f

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsncpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1735881322-0
                                                                                                                                                                                • Opcode ID: 0d3fc1538f2e56cc26125c1677afaf231c2e9d41147de0e905af0f223f4df75a
                                                                                                                                                                                • Instruction ID: e6a9c98a137e7db8004f29cfac6d74804364c4f9f5b2c3bcf2c3e4ddc016ad0d
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d3fc1538f2e56cc26125c1677afaf231c2e9d41147de0e905af0f223f4df75a
                                                                                                                                                                                • Instruction Fuzzy Hash: 54019230504B84ABC720FF65D8455DF73E8FB54320F508D2AE59A87590E770D984C7D2
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E17BC, Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 238 1e17bc-1e17c1 239 1e17c3-1e17cb VirtualFree 238->239 240 1e17d1-1e17dc 238->240 239->240
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E001E17BC(signed int* __esi) {
				void* _t6;
				signed int* _t7;

				_t7 = __esi;
				_t6 = __esi[2];
				if(_t6 != 0) {
					_t6 = VirtualFree(_t6, 0, 0x8000); // executed
				}
				_t7[2] = _t7[2] & 0x00000000;
				_t7[1] = _t7[1] & 0x00000000;
				 *_t7 =  *_t7 & 0x00000000;
				return _t6;
			}





                                                                                                                                                                                0x001e17bc
                                                                                                                                                                                0x001e17bc
                                                                                                                                                                                0x001e17c1
                                                                                                                                                                                0x001e17cb
                                                                                                                                                                                0x001e17cb
                                                                                                                                                                                0x001e17d1
                                                                                                                                                                                0x001e17d5
                                                                                                                                                                                0x001e17d9
                                                                                                                                                                                0x001e17dc

                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualFree.KERNELBASE(?,00000000,00008000,001E107A,?,?,?,?,?,?,001E1603), ref: 001E17CB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                • Opcode ID: 7484cf610a5b81132705b969fff78ecae7518fc4fc1723fa7e4486fa64a068f5
                                                                                                                                                                                • Instruction ID: ea2aed7ea6a52c25262411f70c6f781e8ec8c4d917f0c5a8428d60e2aa361d5f
                                                                                                                                                                                • Opcode Fuzzy Hash: 7484cf610a5b81132705b969fff78ecae7518fc4fc1723fa7e4486fa64a068f5
                                                                                                                                                                                • Instruction Fuzzy Hash: 0CD00271650F419FE7304F52DC89B5673E4BB10B27F658C1CA195958D1D7B8E444CA14
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E2236, Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 241 1e2236-1e223b 242 1e223d-1e223f 241->242 243 1e2240-1e2253 VirtualAlloc 241->243
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E001E2236(long _a4) {
				void* _t3;

				if(_a4 != 0) {
					_t3 = VirtualAlloc(0, _a4, 0x1000, 4); // executed
					return _t3;
				} else {
					return 0;
				}
			}




                                                                                                                                                                                0x001e223b
                                                                                                                                                                                0x001e224d
                                                                                                                                                                                0x001e2253
                                                                                                                                                                                0x001e223d
                                                                                                                                                                                0x001e223f
                                                                                                                                                                                0x001e223f

                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,001E1863,00000000,?,?), ref: 001E224D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                • Opcode ID: 3d74bdc2a77a612497db88b481397c3c98ba5164ba2f55086e02d508c97730d4
                                                                                                                                                                                • Instruction ID: a1b72f3fddfce1bafc7e13b1a8d4bf62978edd8eccbe56b3b3366e619eda049e
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d74bdc2a77a612497db88b481397c3c98ba5164ba2f55086e02d508c97730d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 92C09B70745340BFEF6147518E06B8D77A19784B67F00C454F3585C4D4C7F45484E605
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E23AB, Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 244 1e23ab-1e23bc VirtualFree
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E001E23AB(void* _a8) {
				int _t2;

				_t2 = VirtualFree(_a8, 0, 0x8000); // executed
				return _t2;
			}




                                                                                                                                                                                0x001e23b6
                                                                                                                                                                                0x001e23bc

                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 001E23B6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                • Opcode ID: 0ba3ba95b30e938ca85d5e2485bd5ff3cb5e12a9446d58fb2f3dfe9d368b69c3
                                                                                                                                                                                • Instruction ID: 37b2e8407f98fd95d25ee7d3c94e85b08cddf793377f506ceca666933ef064a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 0ba3ba95b30e938ca85d5e2485bd5ff3cb5e12a9446d58fb2f3dfe9d368b69c3
                                                                                                                                                                                • Instruction Fuzzy Hash: 41A00230694781ABEE719F50ED4AF4D7B61FB80B01F304864B3A16D4F08BA57558DF49
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 001E3BC5, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                			E001E3BC5(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				if(__ecx ==  *0x1e5000) {
					asm("repe ret");
				}
				 *0x1e5118 = _t6;
				 *0x1e5114 = _t22;
				 *0x1e5110 = _t25;
				 *0x1e510c = _t21;
				 *0x1e5108 = _t27;
				 *0x1e5104 = _t26;
				 *0x1e5130 = ss;
				 *0x1e5124 = cs;
				 *0x1e5100 = ds;
				 *0x1e50fc = es;
				 *0x1e50f8 = fs;
				 *0x1e50f4 = gs;
				asm("pushfd");
				_pop( *0x1e5128);
				 *0x1e511c =  *_t31;
				 *0x1e5120 = _v0;
				 *0x1e512c =  &_a4;
				 *0x1e5068 = 0x10001;
				 *0x1e501c =  *0x1e5120;
				 *0x1e5010 = 0xc0000409;
				 *0x1e5014 = 1;
				_v812 =  *0x1e5000;
				_v808 =  *0x1e5004;
				 *0x1e5060 = IsDebuggerPresent();
				_push(1);
				E001E3DC2(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x1e409c);
				if( *0x1e5060 == 0) {
					_push(1);
					E001E3DC2(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}















                                                                                                                                                                                0x001e3bc5
                                                                                                                                                                                0x001e3bc5
                                                                                                                                                                                0x001e3bc5
                                                                                                                                                                                0x001e3bc5
                                                                                                                                                                                0x001e3bc5
                                                                                                                                                                                0x001e3bc5
                                                                                                                                                                                0x001e3bcb
                                                                                                                                                                                0x001e3bcd
                                                                                                                                                                                0x001e3bcd
                                                                                                                                                                                0x001e3cc7
                                                                                                                                                                                0x001e3ccc
                                                                                                                                                                                0x001e3cd2
                                                                                                                                                                                0x001e3cd8
                                                                                                                                                                                0x001e3cde
                                                                                                                                                                                0x001e3ce4
                                                                                                                                                                                0x001e3cea
                                                                                                                                                                                0x001e3cf1
                                                                                                                                                                                0x001e3cf8
                                                                                                                                                                                0x001e3cff
                                                                                                                                                                                0x001e3d06
                                                                                                                                                                                0x001e3d0d
                                                                                                                                                                                0x001e3d14
                                                                                                                                                                                0x001e3d15
                                                                                                                                                                                0x001e3d1e
                                                                                                                                                                                0x001e3d26
                                                                                                                                                                                0x001e3d2e
                                                                                                                                                                                0x001e3d39
                                                                                                                                                                                0x001e3d48
                                                                                                                                                                                0x001e3d4d
                                                                                                                                                                                0x001e3d57
                                                                                                                                                                                0x001e3d66
                                                                                                                                                                                0x001e3d71
                                                                                                                                                                                0x001e3d7d
                                                                                                                                                                                0x001e3d82
                                                                                                                                                                                0x001e3d84
                                                                                                                                                                                0x001e3d8c
                                                                                                                                                                                0x001e3d97
                                                                                                                                                                                0x001e3da4
                                                                                                                                                                                0x001e3da6
                                                                                                                                                                                0x001e3da8
                                                                                                                                                                                0x001e3dad
                                                                                                                                                                                0x001e3dc1

                                                                                                                                                                                APIs
                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 001E3D77
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 001E3D8C
                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(001E409C), ref: 001E3D97
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 001E3DB3
                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 001E3DBA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2579439406-0
                                                                                                                                                                                • Opcode ID: 994184bae5a74a777facaf23bd4b38e71c5311c97d3093f80088a6c03f8418f0
                                                                                                                                                                                • Instruction ID: 0ced2c0c181d83e0e91fa4d12f0e13ba12b087c91979b16b8ea162783424f30f
                                                                                                                                                                                • Opcode Fuzzy Hash: 994184bae5a74a777facaf23bd4b38e71c5311c97d3093f80088a6c03f8418f0
                                                                                                                                                                                • Instruction Fuzzy Hash: 2F21CDB8910A84DBC750DFE5E9C974C3BE6BB58318F90405AF6198FA60E7B05AC08F95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E1B44, Relevance: 4.5, APIs: 3, Instructions: 24COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E001E1B44(struct HINSTANCE__* _a4, intOrPtr* _a8, intOrPtr* _a12, struct HRSRC__* _a16) {
				void* _t14;

				_t14 = LoadResource(_a4, _a16);
				if(_t14 == 0) {
					return 0x716;
				}
				 *_a12 = SizeofResource(_a4, _a16);
				 *_a8 = LockResource(_t14);
				return 0;
			}




                                                                                                                                                                                0x001e1b54
                                                                                                                                                                                0x001e1b58
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e1b7b
                                                                                                                                                                                0x001e1b6a
                                                                                                                                                                                0x001e1b75
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadResource.KERNEL32(?,?,?,?,001E1045,?,?,?,00000000,?,?,?,?,?,001E1603), ref: 001E1B4E
                                                                                                                                                                                • SizeofResource.KERNEL32(?,?,?,001E1045,?,?,?,00000000,?,?,?,?,?,001E1603), ref: 001E1B60
                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,001E1045,?,?,?,00000000,?,?,?,?,?,001E1603), ref: 001E1B6C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2853612939-0
                                                                                                                                                                                • Opcode ID: 5cb7bd4cb3085adfa08ea1eafd098cdc4aa8ba654ffc8c27fb893d54aff24d55
                                                                                                                                                                                • Instruction ID: 4d188c96989d93c3a6434f37fd6f3c50392d82eb694046fb2e21ccc9865ee2b9
                                                                                                                                                                                • Opcode Fuzzy Hash: 5cb7bd4cb3085adfa08ea1eafd098cdc4aa8ba654ffc8c27fb893d54aff24d55
                                                                                                                                                                                • Instruction Fuzzy Hash: E6E0E532502259AFCB129FA5EC988DF7FB5EF093A0B014465FE099B220D7329860DB90
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 001E154E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E001E154E(void* __edi) {
				intOrPtr _v4;
				signed int _t11;
				void* _t12;
				signed short* _t13;

				_t12 = __edi;
				_t13 =  *((intOrPtr*)(__edi + 0x38))();
				if(_t13 != 0) {
					while(1) {
						_t11 =  *_t13 & 0x0000ffff;
						if(_t11 == 0x20 || _t11 == 0x2f || _t11 == 0x2d) {
							goto L5;
						}
						_t13 =  &(_t13[1]);
						if(_t13 != 0) {
							continue;
						}
						goto L5;
					}
				}
				L5:
				E001E3C02(_v4, E001E14DC(_t12, L"CommandLine"));
				E001E3BD4(_v4, " ");
				E001E3BD4(_v4, _t13);
				return 0;
			}







                                                                                                                                                                                0x001e154e
                                                                                                                                                                                0x001e1552
                                                                                                                                                                                0x001e1556
                                                                                                                                                                                0x001e1558
                                                                                                                                                                                0x001e1558
                                                                                                                                                                                0x001e155f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e156e
                                                                                                                                                                                0x001e156f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x001e156f
                                                                                                                                                                                0x001e1558
                                                                                                                                                                                0x001e1571
                                                                                                                                                                                0x001e1581
                                                                                                                                                                                0x001e158f
                                                                                                                                                                                0x001e1599
                                                                                                                                                                                0x001e15a4

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.706864470.00000000001E1000.00000020.00020000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                                • Associated: 00000005.00000002.706850338.00000000001E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706872422.00000000001E4000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000005.00000002.706884988.00000000001E6000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1e0000_DeltaTB.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcscat$_wcscpy
                                                                                                                                                                                • String ID: CommandLine
                                                                                                                                                                                • API String ID: 1832442500-3253501508
                                                                                                                                                                                • Opcode ID: 7b63b79073667c1caed650957ba39d728ae259afe2a1312fc7ae4470dae2adc5
                                                                                                                                                                                • Instruction ID: 571ec070c66563806358f95a2658d5fac5e7e35259b5701524f13616d2106243
                                                                                                                                                                                • Opcode Fuzzy Hash: 7b63b79073667c1caed650957ba39d728ae259afe2a1312fc7ae4470dae2adc5
                                                                                                                                                                                • Instruction Fuzzy Hash: 33E02B74404DE13BC721371B4C0BC7FA540DFA2710BC04521FC8261065D7308D634293
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Analysis Process: Setup.exe PID: 1836 Parent PID: 6416 Setup.exeCOMMON

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:15.5%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:1.4%
                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                Total number of Limit Nodes:70

                                                                                                                                                                                Graph

                                                                                                                                                                                execution_graph 31197 452c54 31198 452c60 __wfsopen 31197->31198 31199 452c75 31198->31199 31200 452c67 31198->31200 31202 452c7c 31199->31202 31203 452c88 31199->31203 31201 44fbd9 _malloc 69 API calls 31200->31201 31219 452c6f __wfsopen _realloc 31201->31219 31204 44fafc ___free_lc_time 69 API calls 31202->31204 31210 452dfa 31203->31210 31233 452c95 _realloc ___sbh_resize_block ___sbh_find_block 31203->31233 31204->31219 31205 452e2d 31243 456ffc 7 API calls __decode_pointer 31205->31243 31206 452dff HeapReAlloc 31206->31210 31206->31219 31207 457dfc __lock 69 API calls 31207->31233 31209 452e33 31244 454477 69 API calls __getptd_noexit 31209->31244 31210->31205 31210->31206 31212 452e51 31210->31212 31217 452e47 31210->31217 31242 456ffc 7 API calls __decode_pointer 31210->31242 31212->31219 31246 454477 69 API calls __getptd_noexit 31212->31246 31216 452e5a GetLastError 31216->31219 31245 454477 69 API calls __getptd_noexit 31217->31245 31220 452d20 HeapAlloc 31227 452d1a _realloc 31220->31227 31220->31233 31221 452dc8 31221->31219 31223 452dcd GetLastError 31221->31223 31222 452d75 HeapReAlloc 31222->31233 31223->31219 31225 452de0 31225->31219 31241 454477 69 API calls __getptd_noexit 31225->31241 31227->31220 31227->31233 31237 457e5f __VEC_memcpy VirtualFree VirtualFree HeapFree _memmove_s 31227->31237 31230 452ded 31230->31216 31230->31219 31231 452dc3 31240 454477 69 API calls __getptd_noexit 31231->31240 31233->31205 31233->31207 31233->31219 31233->31220 31233->31222 31233->31225 31233->31227 31233->31231 31235 45860e 5 API calls 2 library calls 31233->31235 31236 457e5f __VEC_memcpy VirtualFree VirtualFree HeapFree _memmove_s 31233->31236 31238 452d98 LeaveCriticalSection __freefls@4 31233->31238 31239 456ffc 7 API calls __decode_pointer 31233->31239 31235->31233 31236->31233 31237->31227 31238->31233 31239->31233 31240->31221 31241->31230 31242->31210 31243->31209 31244->31219 31245->31221 31246->31216 31257 422f50 31258 422f57 31257->31258 31258->31258 31259 422f5f RegDeleteValueW 31258->31259 27924 424000 27925 424056 27924->27925 27926 42402c 27924->27926 27930 4ee220 27926->27930 27929 44fae5 _Immortalize 76 API calls 27929->27925 27931 4ee254 _Immortalize 27930->27931 27932 4175c0 _Immortalize 69 API calls 27931->27932 27933 4ee2f9 27932->27933 27936 425ae0 27933->27936 27937 425b13 _Immortalize 27936->27937 27940 426830 27937->27940 27941 426861 _Immortalize 27940->27941 27946 42404c 27940->27946 27942 426875 27941->27942 27943 42686e 27941->27943 27948 41a5c0 77 API calls allocator 27942->27948 27947 427030 77 API calls 3 library calls 27943->27947 27946->27929 27947->27946 27948->27946 27949 423c00 27950 44f76f _Allocate 77 API calls 27949->27950 27951 423c2f 27950->27951 27952 423c62 27951->27952 27962 423cd0 77 API calls 2 library calls 27951->27962 27954 423c91 27952->27954 27955 423c87 27952->27955 27959 41a080 27954->27959 27963 422600 CloseHandle SetThreadPriority CoUninitialize 27955->27963 27958 423c8f 27964 451fc6 27959->27964 27962->27952 27963->27958 27965 451ff6 27964->27965 27966 451fda 27964->27966 27985 457212 TlsGetValue 27965->27985 28020 454477 69 API calls __getptd_noexit 27966->28020 27969 451fdf 28021 4557a5 7 API calls 2 library calls 27969->28021 27974 45205a 27975 44fafc ___free_lc_time 69 API calls 27974->27975 27978 452060 27975->27978 27980 41a0a7 27978->27980 28022 45449d 69 API calls 3 library calls 27978->28022 27980->27958 27981 45201e CreateThread 27981->27980 27984 452051 GetLastError 27981->27984 28078 451f43 27981->28078 27984->27974 27986 457227 27985->27986 27987 451ffc 27985->27987 27988 457177 __decode_pointer 7 API calls 27986->27988 27990 457789 27987->27990 27989 457232 TlsSetValue 27988->27989 27989->27987 27993 457792 27990->27993 27992 452008 27992->27974 27996 457400 27992->27996 27993->27992 27994 4577b0 Sleep 27993->27994 28023 45d90b 27993->28023 27995 4577c5 27994->27995 27995->27992 27995->27993 28041 457387 GetLastError 27996->28041 27998 457408 27999 452015 27998->27999 28055 457948 69 API calls 3 library calls 27998->28055 28001 4572a0 27999->28001 28056 456860 28001->28056 28003 4572ac GetModuleHandleW 28004 4572c3 28003->28004 28005 4572bc 28003->28005 28007 4572fe 28004->28007 28008 4572da GetProcAddress GetProcAddress 28004->28008 28075 457918 Sleep GetModuleHandleW 28005->28075 28010 457dfc __lock 65 API calls 28007->28010 28008->28007 28009 4572c2 28009->28004 28011 45731d InterlockedIncrement 28010->28011 28057 457375 28011->28057 28014 457dfc __lock 65 API calls 28015 45733e 28014->28015 28060 45af05 InterlockedIncrement 28015->28060 28017 45735c 28072 45737e 28017->28072 28019 457369 __wfsopen 28019->27981 28020->27969 28022->27980 28024 45d917 __wfsopen 28023->28024 28025 45d92f 28024->28025 28028 45d94e _memset 28024->28028 28036 454477 69 API calls __getptd_noexit 28025->28036 28027 45d934 28037 4557a5 7 API calls 2 library calls 28027->28037 28030 45d9c0 RtlAllocateHeap 28028->28030 28032 457dfc __lock 68 API calls 28028->28032 28033 45d944 __wfsopen 28028->28033 28038 45860e 5 API calls 2 library calls 28028->28038 28039 45da07 LeaveCriticalSection __freefls@4 28028->28039 28040 456ffc 7 API calls __decode_pointer 28028->28040 28030->28028 28032->28028 28033->27993 28036->28027 28038->28028 28039->28028 28040->28028 28042 457212 ___set_flsgetvalue 9 API calls 28041->28042 28043 45739e 28042->28043 28044 4573f4 SetLastError 28043->28044 28045 457789 __calloc_crt 66 API calls 28043->28045 28044->27998 28046 4573b2 28045->28046 28046->28044 28047 457177 __decode_pointer 7 API calls 28046->28047 28048 4573cc 28047->28048 28049 4573d3 28048->28049 28050 4573eb 28048->28050 28051 4572a0 __initptd 66 API calls 28049->28051 28052 44fafc ___free_lc_time 66 API calls 28050->28052 28053 4573db GetCurrentThreadId 28051->28053 28054 4573f1 28052->28054 28053->28044 28054->28044 28055->27999 28056->28003 28076 457d22 LeaveCriticalSection 28057->28076 28059 457337 28059->28014 28061 45af26 28060->28061 28062 45af23 InterlockedIncrement 28060->28062 28063 45af30 InterlockedIncrement 28061->28063 28064 45af33 28061->28064 28062->28061 28063->28064 28065 45af40 28064->28065 28066 45af3d InterlockedIncrement 28064->28066 28067 45af4a InterlockedIncrement 28065->28067 28069 45af4d 28065->28069 28066->28065 28067->28069 28068 45af66 InterlockedIncrement 28068->28069 28069->28068 28070 45af76 InterlockedIncrement 28069->28070 28071 45af81 InterlockedIncrement 28069->28071 28070->28069 28071->28017 28077 457d22 LeaveCriticalSection 28072->28077 28074 457385 28074->28019 28075->28009 28076->28059 28077->28074 28079 457212 ___set_flsgetvalue 9 API calls 28078->28079 28080 451f4e __threadstartex@4 28079->28080 28093 4571f2 TlsGetValue 28080->28093 28083 451f87 28106 45741a 78 API calls 6 library calls 28083->28106 28084 451f5d __threadstartex@4 28105 457246 7 API calls __decode_pointer 28084->28105 28086 451fa2 __IsNonwritableInCurrentImage 28095 451f02 28086->28095 28089 451f6c 28091 451f70 GetLastError ExitThread 28089->28091 28092 451f7d GetCurrentThreadId 28089->28092 28092->28086 28094 451f59 28093->28094 28094->28083 28094->28084 28096 451f0e __wfsopen 28095->28096 28097 457400 __getptd 69 API calls 28096->28097 28098 451f13 28097->28098 28107 419eb0 28098->28107 28105->28089 28106->28086 28108 419ec0 28107->28108 28109 419eca 28107->28109 28118 419ee0 28108->28118 28111 451ec5 28109->28111 28115 451ed3 __IsNonwritableInCurrentImage 28111->28115 28112 457387 __getptd_noexit 69 API calls 28113 451eed 28112->28113 28114 451ef8 ExitThread 28113->28114 28133 457549 28113->28133 28115->28112 28119 419ef2 28118->28119 28122 419efa 28118->28122 28130 41a050 SetThreadPriority 28119->28130 28121 419f4d 28123 419f92 28121->28123 28125 419f64 28121->28125 28122->28121 28127 41a0c0 28122->28127 28131 41a010 CloseHandle 28123->28131 28125->28109 28132 4edeb0 CoUninitialize 28127->28132 28129 41a0c8 28129->28121 28130->28122 28131->28125 28132->28129 28134 457557 28133->28134 28135 4575a2 28133->28135 28138 457580 28134->28138 28139 45755d TlsGetValue 28134->28139 28136 451ef7 28135->28136 28137 4575ac TlsSetValue 28135->28137 28136->28114 28137->28136 28141 457177 __decode_pointer 7 API calls 28138->28141 28139->28138 28140 457570 TlsGetValue 28139->28140 28140->28138 28142 457597 28141->28142 28144 45741a 78 API calls 6 library calls 28142->28144 28144->28135 28145 423300 28148 491a00 28145->28148 28149 491a43 28148->28149 28154 42331a 28148->28154 28149->28154 28157 490300 28149->28157 28151 491a5c 28152 491abd 28151->28152 28156 491a67 28151->28156 28153 491160 102 API calls 28152->28153 28153->28154 28156->28154 28165 491160 28156->28165 28158 490333 _Immortalize 28157->28158 28159 490378 _Immortalize 28158->28159 28171 4901a0 28158->28171 28159->28151 28162 4181d0 _Immortalize 77 API calls 28163 490369 28162->28163 28164 4176e0 codecvt 69 API calls 28163->28164 28164->28159 28166 491177 28165->28166 28167 49116d 28165->28167 28209 4fc3d0 28166->28209 28181 4908a0 GetTickCount 28167->28181 28174 490070 28171->28174 28175 4900c3 28174->28175 28176 4900a1 28174->28176 28175->28162 28177 44f76f _Allocate 77 API calls 28176->28177 28178 4900a8 28177->28178 28178->28175 28180 432510 77 API calls 28178->28180 28180->28175 28183 4908e0 _Immortalize 28181->28183 28182 4908f4 28185 44f6c8 _wcsupr_s_l_stat 5 API calls 28182->28185 28183->28182 28184 4175c0 _Immortalize 69 API calls 28183->28184 28186 49091d _Immortalize 28184->28186 28187 490ac8 28185->28187 28188 4175c0 _Immortalize 69 API calls 28186->28188 28187->28166 28189 490938 28188->28189 28190 49094d 28189->28190 28281 405140 28189->28281 28218 4903a0 28190->28218 28193 4176e0 codecvt 69 API calls 28195 490a9e 28193->28195 28194 490962 _Immortalize 28208 490a6f 28194->28208 28285 45508b 28194->28285 28196 4176e0 codecvt 69 API calls 28195->28196 28196->28182 28200 4909ae 28200->28208 28289 455a52 80 API calls 2 library calls 28200->28289 28202 4909c5 _Immortalize 28203 417910 _Immortalize 77 API calls 28202->28203 28202->28208 28204 490a4d 28203->28204 28205 4181d0 _Immortalize 77 API calls 28204->28205 28206 490a60 28205->28206 28207 4176e0 codecvt 69 API calls 28206->28207 28207->28208 28208->28193 28210 4fc3e8 28209->28210 28211 4fc3e0 28209->28211 28216 491183 28210->28216 28334 4fc240 28210->28334 28212 4fc402 28211->28212 28215 4fc3e6 28211->28215 28212->28216 28346 4fc300 28212->28346 28215->28216 28358 4fc180 28215->28358 28216->28156 28219 4903d9 std::_Iterator_base::_Iterator_base 28218->28219 28220 417a20 std::ios_base::clear 77 API calls 28219->28220 28221 4903ef 28220->28221 28222 417a20 std::ios_base::clear 77 API calls 28221->28222 28223 4903fe _Immortalize 28222->28223 28224 4175c0 _Immortalize 69 API calls 28223->28224 28225 490412 28224->28225 28226 494f20 6 API calls 28225->28226 28228 49041b _Immortalize 28226->28228 28227 49052c codecvt _Immortalize 28230 41eea0 2 API calls 28227->28230 28231 4905fc _Immortalize 28227->28231 28228->28227 28290 443050 CoCreateInstance 28228->28290 28235 49055f _memset 28230->28235 28232 49083b _Immortalize 28231->28232 28233 4130d0 _Immortalize 77 API calls 28231->28233 28237 4176e0 codecvt 69 API calls 28232->28237 28236 49061c _Immortalize 28233->28236 28234 490443 Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 28234->28227 28291 494f40 28234->28291 28235->28231 28239 41ede0 RegQueryValueExW 28235->28239 28243 41eea0 2 API calls 28236->28243 28240 490862 28237->28240 28247 4905b0 _Immortalize 28239->28247 28241 41ef60 RegCloseKey 28240->28241 28244 490871 28241->28244 28242 4905f4 28245 41ef10 RegCloseKey 28242->28245 28251 490634 _memset 28243->28251 28246 44f6c8 _wcsupr_s_l_stat 5 API calls 28244->28246 28245->28231 28248 49088c 28246->28248 28247->28242 28249 417910 _Immortalize 77 API calls 28247->28249 28248->28194 28250 4905d2 28249->28250 28252 4181d0 _Immortalize 77 API calls 28250->28252 28251->28232 28253 41ede0 RegQueryValueExW 28251->28253 28254 4905e5 28252->28254 28255 490685 28253->28255 28256 4176e0 codecvt 69 API calls 28254->28256 28257 41ef10 RegCloseKey 28255->28257 28256->28242 28267 49068d _Immortalize 28257->28267 28258 49046c _Immortalize Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 28258->28227 28259 417910 _Immortalize 77 API calls 28258->28259 28260 490500 28259->28260 28261 4181d0 _Immortalize 77 API calls 28260->28261 28262 490513 28261->28262 28263 4176e0 codecvt 69 API calls 28262->28263 28264 490522 CoTaskMemFree 28263->28264 28264->28227 28265 4907eb _Immortalize 28268 417910 _Immortalize 77 API calls 28265->28268 28266 4907aa _Immortalize 28266->28265 28269 4907dc 28266->28269 28271 4130d0 _Immortalize 77 API calls 28266->28271 28267->28266 28273 417910 _Immortalize 77 API calls 28267->28273 28270 490819 28268->28270 28272 4130d0 _Immortalize 77 API calls 28269->28272 28274 4181d0 _Immortalize 77 API calls 28270->28274 28271->28269 28272->28265 28275 490788 28273->28275 28276 49082c 28274->28276 28277 4181d0 _Immortalize 77 API calls 28275->28277 28278 4176e0 codecvt 69 API calls 28276->28278 28279 49079b 28277->28279 28278->28232 28280 4176e0 codecvt 69 API calls 28279->28280 28280->28266 28282 405155 28281->28282 28300 406c00 28282->28300 28284 405193 28284->28190 28304 454e70 28285->28304 28288 452266 81 API calls 2 library calls 28288->28200 28289->28202 28290->28234 28294 494af0 28291->28294 28295 494b3d 28294->28295 28296 494b0c GetVersionExW 28294->28296 28298 44f6c8 _wcsupr_s_l_stat 5 API calls 28295->28298 28296->28295 28297 494b28 28296->28297 28297->28295 28299 494b4c 28298->28299 28299->28258 28301 406c15 28300->28301 28302 417a20 std::ios_base::clear 77 API calls 28301->28302 28303 406c60 _DebugHeapAllocator _Immortalize 28302->28303 28303->28284 28305 454f0a 28304->28305 28311 454e89 28304->28311 28306 455056 28305->28306 28307 45503b 28305->28307 28332 454477 69 API calls __getptd_noexit 28306->28332 28330 454477 69 API calls __getptd_noexit 28307->28330 28310 455040 28315 454fd6 28310->28315 28331 4557a5 7 API calls 2 library calls 28310->28331 28311->28305 28320 454ef8 28311->28320 28326 455ffc 69 API calls __wfsopen 28311->28326 28314 454fde 28314->28305 28314->28315 28317 455069 28314->28317 28315->28288 28316 454f94 28316->28305 28318 454fb1 28316->28318 28328 455ffc 69 API calls __wfsopen 28316->28328 28333 455ffc 69 API calls __wfsopen 28317->28333 28318->28305 28318->28315 28322 454fca 28318->28322 28320->28305 28325 454f76 28320->28325 28327 455ffc 69 API calls __wfsopen 28320->28327 28329 455ffc 69 API calls __wfsopen 28322->28329 28325->28314 28325->28316 28326->28320 28327->28325 28328->28318 28329->28315 28330->28310 28332->28310 28333->28315 28370 484b40 28334->28370 28337 4fc2b1 28339 44f76f _Allocate 77 API calls 28337->28339 28338 4fc271 28340 44f76f _Allocate 77 API calls 28338->28340 28341 4fc2b8 28339->28341 28342 4fc278 28340->28342 28343 4fc293 28341->28343 28383 484c00 77 API calls 28341->28383 28342->28343 28382 442f10 69 API calls _Immortalize 28342->28382 28343->28216 28448 48c830 28346->28448 28349 4fc371 28352 44f76f _Allocate 77 API calls 28349->28352 28350 4fc331 28351 44f76f _Allocate 77 API calls 28350->28351 28353 4fc338 28351->28353 28354 4fc37b 28352->28354 28355 4fc353 28353->28355 28471 442f10 69 API calls _Immortalize 28353->28471 28354->28355 28472 48c180 77 API calls 28354->28472 28355->28216 28359 47f670 72 API calls 28358->28359 28360 4fc1ac 28359->28360 28361 4fc1f3 28360->28361 28362 4fc1b3 28360->28362 28363 44f76f _Allocate 77 API calls 28361->28363 28364 44f76f _Allocate 77 API calls 28362->28364 28365 4fc1fa 28363->28365 28366 4fc1ba 28364->28366 28367 4fc1d5 28365->28367 28506 442e40 69 API calls 2 library calls 28365->28506 28366->28367 28505 442f10 69 API calls _Immortalize 28366->28505 28367->28216 28371 484b70 _Immortalize 28370->28371 28372 4175c0 _Immortalize 69 API calls 28371->28372 28373 484b79 28372->28373 28384 484b20 28373->28384 28376 484b9b 28378 4176e0 codecvt 69 API calls 28376->28378 28379 484bca 28378->28379 28380 44f6c8 _wcsupr_s_l_stat 5 API calls 28379->28380 28381 484be2 28380->28381 28381->28337 28381->28338 28382->28343 28383->28343 28391 495e20 28384->28391 28387 49e7e0 28388 49e7f2 _Immortalize 28387->28388 28420 454d7b 28388->28420 28392 495e53 _Immortalize std::_Iterator_base::_Iterator_base 28391->28392 28393 417910 _Immortalize 77 API calls 28392->28393 28394 495e73 28393->28394 28395 4130d0 _Immortalize 77 API calls 28394->28395 28396 495e83 _Immortalize 28395->28396 28397 41eea0 2 API calls 28396->28397 28400 495e9b _memset 28397->28400 28398 495fa5 28399 4176e0 codecvt 69 API calls 28398->28399 28401 495fbb 28399->28401 28400->28398 28402 41ede0 RegQueryValueExW 28400->28402 28403 41ef60 RegCloseKey 28401->28403 28404 495ee7 28402->28404 28419 495f9d 28403->28419 28404->28398 28407 495eef _wcslen 28404->28407 28405 44f6c8 _wcsupr_s_l_stat 5 API calls 28406 484b31 28405->28406 28406->28376 28406->28387 28408 495f24 PathAddBackslashW 28407->28408 28409 495f3c _Immortalize 28408->28409 28410 417910 _Immortalize 77 API calls 28409->28410 28411 495f4f 28410->28411 28412 4181d0 _Immortalize 77 API calls 28411->28412 28413 495f62 28412->28413 28414 4176e0 codecvt 69 API calls 28413->28414 28415 495f71 _Immortalize 28414->28415 28416 4176e0 codecvt 69 API calls 28415->28416 28417 495f8e 28416->28417 28418 41ef60 RegCloseKey 28417->28418 28418->28419 28419->28405 28423 454cf2 28420->28423 28424 454d23 28423->28424 28425 454cff 28423->28425 28424->28425 28426 454d2c GetFileAttributesW 28424->28426 28441 45448a 69 API calls __getptd_noexit 28425->28441 28428 454d3a GetLastError 28426->28428 28432 454d50 28426->28432 28444 45449d 69 API calls 3 library calls 28428->28444 28429 454d04 28442 454477 69 API calls __getptd_noexit 28429->28442 28433 454d1b 28432->28433 28446 45448a 69 API calls __getptd_noexit 28432->28446 28433->28376 28434 454d0b 28443 4557a5 7 API calls 2 library calls 28434->28443 28435 454d46 28445 454477 69 API calls __getptd_noexit 28435->28445 28439 454d63 28447 454477 69 API calls __getptd_noexit 28439->28447 28441->28429 28442->28434 28444->28435 28445->28433 28446->28439 28447->28435 28449 48c860 _Immortalize 28448->28449 28450 4175c0 _Immortalize 69 API calls 28449->28450 28451 48c869 28450->28451 28473 48bd40 28451->28473 28453 48c879 28454 48c90c 28453->28454 28456 48c884 28453->28456 28455 4176e0 codecvt 69 API calls 28454->28455 28457 48c907 28455->28457 28490 4098d0 28456->28490 28459 44f6c8 _wcsupr_s_l_stat 5 API calls 28457->28459 28461 48c937 28459->28461 28461->28349 28461->28350 28462 409810 _Immortalize 77 API calls 28463 48c8cb 28462->28463 28464 49e7e0 _Immortalize 71 API calls 28463->28464 28465 48c8da 28464->28465 28466 4176e0 codecvt 69 API calls 28465->28466 28467 48c8ec 28466->28467 28468 4178c0 codecvt 69 API calls 28467->28468 28469 48c8f8 28468->28469 28470 4176e0 codecvt 69 API calls 28469->28470 28470->28457 28471->28355 28472->28355 28474 495e20 81 API calls 28473->28474 28475 48bd73 28474->28475 28476 48bd7a _Immortalize 28475->28476 28477 495d00 80 API calls 28475->28477 28476->28453 28478 48bd99 28477->28478 28478->28476 28479 4130d0 _Immortalize 77 API calls 28478->28479 28480 48bdb9 28479->28480 28481 4098d0 _Immortalize 77 API calls 28480->28481 28482 48bde3 28481->28482 28483 409810 _Immortalize 77 API calls 28482->28483 28484 48be02 28483->28484 28485 49e7e0 _Immortalize 71 API calls 28484->28485 28486 48be11 28485->28486 28487 4176e0 codecvt 69 API calls 28486->28487 28488 48be23 28487->28488 28489 4178c0 codecvt 69 API calls 28488->28489 28489->28476 28499 417620 28490->28499 28493 4130d0 _Immortalize 77 API calls 28494 409924 28493->28494 28495 417620 allocator 77 API calls 28494->28495 28496 40992d 28495->28496 28497 4178c0 codecvt 69 API calls 28496->28497 28498 409942 28497->28498 28498->28462 28500 417633 _DebugHeapAllocator 28499->28500 28501 417e70 codecvt 69 API calls 28500->28501 28502 41763f 28501->28502 28503 4180c0 allocator 77 API calls 28502->28503 28504 409908 28503->28504 28504->28493 28505->28367 28506->28367 28507 423320 28508 4176e0 codecvt 69 API calls 28507->28508 28509 42335c 28508->28509 28514 423200 28509->28514 28513 42337a 28520 423260 28514->28520 28517 4176e0 codecvt 69 API calls 28518 423244 28517->28518 28519 4d08a0 77 API calls 28518->28519 28519->28513 28525 423290 28520->28525 28523 417a20 std::ios_base::clear 77 API calls 28524 423235 28523->28524 28524->28517 28526 4232a2 28525->28526 28527 42326f 28525->28527 28528 4232be 28526->28528 28529 4232ad 28526->28529 28527->28523 28532 4bf540 28528->28532 28530 44fafc ___free_lc_time 69 API calls 28529->28530 28530->28527 28535 4ad770 28532->28535 28536 4ad79c _Immortalize 28535->28536 28537 4ad7c6 28535->28537 28538 44fae5 _Immortalize 76 API calls 28536->28538 28537->28527 28538->28537 28576 404430 28577 404451 28576->28577 28580 40444c 28576->28580 28590 403a70 9 API calls 28577->28590 28579 404472 28579->28580 28581 4044a5 28579->28581 28622 4f3610 205 API calls 4 library calls 28579->28622 28581->28580 28582 4044df 28581->28582 28623 4efcd0 SetWindowPos 28581->28623 28582->28580 28585 404519 28582->28585 28591 4f3ed0 28582->28591 28585->28580 28587 404553 28585->28587 28624 4f0410 83 API calls _Immortalize 28585->28624 28587->28580 28625 4efc10 ShowWindow DestroyWindow codecvt 28587->28625 28590->28579 28595 4f3f03 28591->28595 28592 4f4069 28652 4049b0 76 API calls _Immortalize 28592->28652 28593 4f3fae 28593->28592 28597 4f405a 28593->28597 28626 4049b0 76 API calls _Immortalize 28593->28626 28595->28593 28596 4f3f5c 28595->28596 28599 4f3f7a 28595->28599 28645 417430 VariantClear 28596->28645 28651 417430 VariantClear 28597->28651 28608 4f3f94 28599->28608 28646 4161a0 IsWindow 28599->28646 28600 4f406e 28653 4049b0 76 API calls _Immortalize 28600->28653 28603 4f3f72 28603->28585 28607 4f4002 28627 4e40d0 28607->28627 28647 417430 VariantClear 28608->28647 28609 4f407f 28654 415f10 DestroyWindow 28609->28654 28612 4f4098 28614 4f40ba 28612->28614 28616 4f40a6 PostMessageW 28612->28616 28614->28603 28615 4f4020 28648 4049b0 76 API calls _Immortalize 28615->28648 28616->28614 28618 4f4027 28649 415f30 SetFocus 28618->28649 28620 4f403f 28650 417430 VariantClear 28620->28650 28622->28581 28623->28582 28624->28587 28625->28580 28626->28607 28655 424aa0 85 API calls _Immortalize 28627->28655 28629 4e4106 28656 4cd7c0 119 API calls 28629->28656 28631 4e411c 28657 4cd7f0 119 API calls 28631->28657 28633 4e412e 28658 425e10 22 API calls _Immortalize 28633->28658 28635 4e4159 28636 4e4190 28635->28636 28637 4e4160 28635->28637 28689 424d70 71 API calls codecvt 28636->28689 28659 4e2680 28637->28659 28641 4e4188 28643 44f6c8 _wcsupr_s_l_stat 5 API calls 28641->28643 28644 4e41c7 28643->28644 28644->28597 28644->28615 28645->28603 28646->28608 28647->28593 28648->28618 28649->28620 28650->28603 28651->28592 28652->28600 28653->28609 28654->28612 28655->28629 28656->28631 28657->28633 28658->28635 28690 4dc1b0 79 API calls 4 library calls 28659->28690 28661 4e26b6 _Immortalize 28662 4e26e1 28661->28662 28923 4cb860 77 API calls 2 library calls 28661->28923 28691 4099f0 77 API calls 28662->28691 28665 4e2708 28666 4e2726 28665->28666 28667 4e2712 28665->28667 28692 4dffd0 28666->28692 28669 4176e0 codecvt 69 API calls 28667->28669 28671 4e2721 28669->28671 28672 44f6c8 _wcsupr_s_l_stat 5 API calls 28671->28672 28673 4e2814 28672->28673 28688 424d70 71 API calls codecvt 28673->28688 28688->28641 28689->28641 28690->28661 28691->28665 28693 4e000d _Immortalize 28692->28693 28694 4175c0 _Immortalize 69 API calls 28693->28694 28695 4e0016 _Immortalize 28694->28695 28696 4175c0 _Immortalize 69 API calls 28695->28696 28697 4e002e 28696->28697 28932 4d6610 28697->28932 28704 4178c0 codecvt 69 API calls 28705 4e00a6 28704->28705 28953 4fdb00 28705->28953 28708 4181d0 _Immortalize 77 API calls 28709 4e00da 28708->28709 28710 4176e0 codecvt 69 API calls 28709->28710 28711 4e00e9 _Immortalize 28710->28711 28712 4e0166 28711->28712 28716 409760 77 API calls 28711->28716 29025 4228a0 28712->29025 28718 4e012f 28716->28718 28719 405120 77 API calls 28718->28719 28720 4e0157 28719->28720 28721 4178c0 codecvt 69 API calls 28720->28721 28721->28712 28722 409760 77 API calls 28723 4e01d7 28722->28723 28724 405120 77 API calls 28723->28724 28725 4e01ff 28724->28725 28726 4178c0 codecvt 69 API calls 28725->28726 28727 4e020e 28726->28727 28728 4176e0 codecvt 69 API calls 28727->28728 28729 4e021d _Immortalize 28728->28729 28730 417910 _Immortalize 77 API calls 28729->28730 28731 4e0239 28730->28731 29051 4f4dc0 28731->29051 28733 4e0284 28734 4098d0 _Immortalize 77 API calls 28733->28734 28735 4e0298 28734->28735 28736 405120 77 API calls 28735->28736 28737 4e02c0 28736->28737 28738 4178c0 codecvt 69 API calls 28737->28738 28739 4e02cf 28738->28739 28740 4176e0 codecvt 69 API calls 28739->28740 28741 4e02de 28740->28741 29059 49d9c0 CreateToolhelp32Snapshot 28741->29059 28744 49d9c0 10 API calls 28745 4e02f2 28744->28745 29069 496160 28745->29069 28747 4e03d1 _Immortalize 28750 417910 _Immortalize 77 API calls 28747->28750 28748 4e02fb _Immortalize 28748->28747 28749 417910 _Immortalize 77 API calls 28748->28749 28754 4e0322 _Immortalize 28749->28754 28751 4e03ed 28750->28751 29092 501ce0 28751->29092 28756 4e0370 PathFindFileNameW 28754->28756 28758 4098d0 _Immortalize 77 API calls 28756->28758 28760 4e038b 28758->28760 28762 405120 77 API calls 28760->28762 28764 4e03b3 28762->28764 28766 4178c0 codecvt 69 API calls 28764->28766 28765 4e0434 29138 4dcb20 28765->29138 28767 4e03c2 28766->28767 28768 4176e0 codecvt 69 API calls 28767->28768 28768->28747 28770 4e045d _Immortalize 29147 48cc50 28770->29147 28775 47f670 72 API calls 28776 4e0489 28775->28776 28777 416600 111 API calls 28776->28777 28778 4e049b 28777->28778 28779 4176e0 codecvt 69 API calls 28778->28779 28780 4e04ad 28779->28780 29187 4224b0 28780->29187 28923->28662 28933 4d663d _Immortalize 28932->28933 28934 417910 _Immortalize 77 API calls 28933->28934 28935 4d664b 28934->28935 28936 4181d0 _Immortalize 77 API calls 28935->28936 28937 4d665e 28936->28937 28938 4176e0 codecvt 69 API calls 28937->28938 28939 4d666d 28938->28939 28940 409760 28939->28940 29481 4050e0 28940->29481 28943 405120 77 API calls 28944 4097b4 28943->28944 28945 417620 allocator 77 API calls 28944->28945 28946 4097bd 28945->28946 28947 4178c0 codecvt 69 API calls 28946->28947 28948 4097d2 28947->28948 28949 409880 28948->28949 28950 409891 _Immortalize 28949->28950 29487 4163a0 28950->29487 28954 4fdb3d _Immortalize 28953->28954 28955 4175c0 _Immortalize 69 API calls 28954->28955 28956 4fdb46 _Immortalize 28955->28956 28957 4175c0 _Immortalize 69 API calls 28956->28957 28958 4fdb5e 28957->28958 29494 4fd9e0 28958->29494 28961 4181d0 _Immortalize 77 API calls 28962 4fdb93 28961->28962 28963 4176e0 codecvt 69 API calls 28962->28963 28964 4fdb9f _Immortalize 28963->28964 28965 4fdc1c 28964->28965 28969 409760 77 API calls 28964->28969 29499 4fda50 28965->29499 28968 4181d0 _Immortalize 77 API calls 28970 4fdc52 28968->28970 28971 4fdbe5 28969->28971 28972 4176e0 codecvt 69 API calls 28970->28972 28973 409880 77 API calls 28971->28973 28980 4fdc61 _Immortalize 28972->28980 28974 4fdc0d 28973->28974 28975 4178c0 codecvt 69 API calls 28974->28975 28975->28965 28976 4fdcfe 28977 490220 76 API calls 28976->28977 28978 4fdd11 28977->28978 28979 4901a0 77 API calls 28978->28979 28982 4fdd18 28979->28982 28980->28976 28981 4fdc90 28980->28981 28983 4130d0 _Immortalize 77 API calls 28980->28983 28985 409760 77 API calls 28981->28985 28984 4181d0 _Immortalize 77 API calls 28982->28984 28983->28981 28986 4fdd3d 28984->28986 28988 4fdcc7 28985->28988 28987 4176e0 codecvt 69 API calls 28986->28987 28996 4fdd4c _Immortalize 28987->28996 28989 405120 77 API calls 28988->28989 28990 4fdcef 28989->28990 28991 4178c0 codecvt 69 API calls 28990->28991 28991->28976 28992 4fdde9 28993 490220 76 API calls 28992->28993 28994 4fddfc 28993->28994 28995 4901a0 77 API calls 28994->28995 28998 4fde03 28995->28998 28996->28992 28997 4fdd7b 28996->28997 28999 4130d0 _Immortalize 77 API calls 28996->28999 29002 409760 77 API calls 28997->29002 29000 4181d0 _Immortalize 77 API calls 28998->29000 28999->28997 29001 4fde28 29000->29001 29003 4176e0 codecvt 69 API calls 29001->29003 29004 4fddb2 29002->29004 29008 4fde37 _Immortalize 29003->29008 29005 405120 77 API calls 29004->29005 29006 4fddda 29005->29006 29007 4178c0 codecvt 69 API calls 29006->29007 29007->28992 29009 4fde53 29008->29009 29010 4130d0 _Immortalize 77 API calls 29008->29010 29011 409760 77 API calls 29009->29011 29010->29009 29012 4fde8a 29011->29012 29013 405120 77 API calls 29012->29013 29014 4fdeb2 29013->29014 29015 4178c0 codecvt 69 API calls 29014->29015 29016 4fdec1 29015->29016 29017 417660 allocator 77 API calls 29016->29017 29018 4fdecd 29017->29018 29019 4176e0 codecvt 69 API calls 29018->29019 29020 4fdee8 29019->29020 29021 4176e0 codecvt 69 API calls 29020->29021 29022 4fdef4 29021->29022 29023 44f6c8 _wcsupr_s_l_stat 5 API calls 29022->29023 29024 4e00b2 29023->29024 29024->28708 29026 4228f6 29025->29026 29027 4228cc 29025->29027 29031 483530 29026->29031 29513 422840 29027->29513 29030 44fae5 _Immortalize 76 API calls 29030->29026 29032 48356d _Immortalize 29031->29032 29033 483600 29032->29033 29517 483240 29032->29517 29035 417660 allocator 77 API calls 29033->29035 29036 48360c 29035->29036 29038 44f6c8 _wcsupr_s_l_stat 5 API calls 29036->29038 29040 483634 29038->29040 29040->28722 29041 48358f _Immortalize 29042 4835a5 29041->29042 29045 4835cb _Immortalize 29041->29045 29539 4832f0 6 API calls _wcsupr_s_l_stat 29042->29539 29044 4835ad 29046 416600 111 API calls 29044->29046 29047 416600 111 API calls 29045->29047 29048 4835c6 29046->29048 29049 4835f1 29047->29049 29048->29049 29050 4176e0 codecvt 69 API calls 29049->29050 29050->29033 29052 4f4dec 29051->29052 29057 4f4e16 _Immortalize 29051->29057 29542 4f4b50 29052->29542 29055 44fae5 _Immortalize 76 API calls 29055->29057 29056 4f4e3b _Immortalize 29056->28733 29057->29056 29546 4f4bc0 29057->29546 29060 49da8b 29059->29060 29061 49d9f0 29059->29061 29062 44f6c8 _wcsupr_s_l_stat 5 API calls 29060->29062 29063 49da09 Process32FirstW 29061->29063 29064 49da00 GetCurrentProcessId 29061->29064 29065 49da98 29062->29065 29067 49da24 29063->29067 29064->29063 29065->28744 29066 49da81 FindCloseChangeNotification 29066->29060 29067->29066 29068 49da49 Process32NextW 29067->29068 29068->29067 29070 4961ab _memset _Immortalize 29069->29070 29071 417910 _Immortalize 77 API calls 29070->29071 29072 4961ca 29071->29072 29073 4181d0 _Immortalize 77 API calls 29072->29073 29074 4961e0 29073->29074 29075 4176e0 codecvt 69 API calls 29074->29075 29076 4961f2 OpenProcess 29075->29076 29077 4962ce _Immortalize 29076->29077 29078 496210 EnumProcessModules 29076->29078 29081 44f6c8 _wcsupr_s_l_stat 5 API calls 29077->29081 29079 49625f GetProcessImageFileNameW 29078->29079 29080 496241 GetModuleFileNameExW K32GetModuleFileNameExW 29078->29080 29082 496278 CloseHandle 29079->29082 29083 496286 _Immortalize 29079->29083 29080->29079 29084 4962fc 29081->29084 29082->29077 29085 417910 _Immortalize 77 API calls 29083->29085 29084->28748 29086 4962a4 29085->29086 29087 4181d0 _Immortalize 77 API calls 29086->29087 29088 4962ba 29087->29088 29089 4176e0 codecvt 69 API calls 29088->29089 29090 4962cc FindCloseChangeNotification 29089->29090 29090->29077 29564 41c3a0 29092->29564 29095 501530 29584 41c9d0 29095->29584 29097 50156f 29098 5015b4 29097->29098 29099 50158b 29097->29099 29590 41c1b0 69 API calls _Immortalize 29098->29590 29589 41c470 77 API calls allocator 29099->29589 29101 4e040b 29103 490220 29101->29103 29600 442fa0 29103->29600 29106 490d50 29107 490d93 _Immortalize 29106->29107 29108 4175c0 _Immortalize 69 API calls 29107->29108 29109 490d9c 29108->29109 29110 4908a0 96 API calls 29109->29110 29111 490db2 29110->29111 29112 490dd8 _Immortalize 29111->29112 29113 490dc1 29111->29113 29115 417910 _Immortalize 77 API calls 29112->29115 29114 490e0c _Immortalize 29113->29114 29116 490dca _Immortalize 29113->29116 29119 417910 _Immortalize 77 API calls 29114->29119 29117 490dee 29115->29117 29120 417910 _Immortalize 77 API calls 29116->29120 29133 490dd3 29116->29133 29121 4181d0 _Immortalize 77 API calls 29117->29121 29118 417660 allocator 77 API calls 29122 490e8a 29118->29122 29123 490e22 29119->29123 29124 490e5c 29120->29124 29125 490dfe 29121->29125 29126 4176e0 codecvt 69 API calls 29122->29126 29127 4181d0 _Immortalize 77 API calls 29123->29127 29128 4181d0 _Immortalize 77 API calls 29124->29128 29129 4176e0 codecvt 69 API calls 29125->29129 29130 490ea5 29126->29130 29131 490e32 29127->29131 29132 490e6f 29128->29132 29129->29133 29134 44f6c8 _wcsupr_s_l_stat 5 API calls 29130->29134 29135 4176e0 codecvt 69 API calls 29131->29135 29136 4176e0 codecvt 69 API calls 29132->29136 29133->29118 29137 490ebd 29134->29137 29135->29133 29136->29133 29137->28765 29139 490220 76 API calls 29138->29139 29140 4dcb2d 29139->29140 29607 491fb0 29140->29607 29143 4dcb49 29143->28770 29144 490220 76 API calls 29145 4dcb42 29144->29145 29680 491190 29145->29680 29148 48cc82 29147->29148 29151 48cc9d std::_Iterator_base::_Iterator_base 29147->29151 29150 48c830 86 API calls 29148->29150 29149 48ccbc 29152 44f6c8 _wcsupr_s_l_stat 5 API calls 29149->29152 29150->29151 29151->29149 29154 41eea0 2 API calls 29151->29154 29153 48cdc6 29152->29153 29173 484ea0 29153->29173 29155 48cce9 29154->29155 29156 48cced _memset 29155->29156 29157 48cd36 _Immortalize 29155->29157 29159 41ede0 RegQueryValueExW 29156->29159 29158 4175c0 _Immortalize 69 API calls 29157->29158 29160 48cd47 29158->29160 29161 48cd1f 29159->29161 29770 48c630 29160->29770 29795 451cbd 80 API calls wcstoxl 29161->29795 29164 48cd54 29796 427fd0 77 API calls 2 library calls 29164->29796 29165 48cd2c 29168 41ef60 RegCloseKey 29165->29168 29167 48cd60 _Immortalize 29169 48cd6f PathFindFileNameW 29167->29169 29168->29149 29797 451cbd 80 API calls wcstoxl 29169->29797 29171 48cd7c 29172 4176e0 codecvt 69 API calls 29171->29172 29172->29165 29174 484ed2 29173->29174 29179 484eed std::_Iterator_base::_Iterator_base 29173->29179 29175 484b40 83 API calls 29174->29175 29175->29179 29176 484f8b 29177 44f6c8 _wcsupr_s_l_stat 5 API calls 29176->29177 29178 484fa5 29177->29178 29178->28775 29179->29176 29180 41eea0 2 API calls 29179->29180 29183 484f2f _memset 29180->29183 29181 484f74 29182 41ef60 RegCloseKey 29181->29182 29182->29176 29183->29181 29184 41ede0 RegQueryValueExW 29183->29184 29185 484f67 29184->29185 29870 451cbd 80 API calls wcstoxl 29185->29870 29188 4176e0 codecvt 69 API calls 29187->29188 29189 4224ef 29188->29189 29482 4050f1 _Immortalize 29481->29482 29483 417e70 codecvt 69 API calls 29482->29483 29484 405105 29483->29484 29485 417850 _Immortalize 77 API calls 29484->29485 29486 405111 29485->29486 29486->28943 29488 4163c2 29487->29488 29489 4163ad 29487->29489 29493 416560 77 API calls std::ios_base::clear 29488->29493 29490 4177a0 std::locale::_Locimp::_Addfac 77 API calls 29489->29490 29492 4098a3 29490->29492 29492->28704 29493->29492 29495 490220 76 API calls 29494->29495 29496 4fda1a 29495->29496 29497 4901a0 77 API calls 29496->29497 29498 4fda21 29497->29498 29498->28961 29500 490220 76 API calls 29499->29500 29501 4fda8f 29500->29501 29502 4901a0 77 API calls 29501->29502 29504 4fda96 _Immortalize 29502->29504 29503 417660 allocator 77 API calls 29505 4fdacc 29503->29505 29509 4fdabd 29504->29509 29512 4fc760 111 API calls 3 library calls 29504->29512 29506 4176e0 codecvt 69 API calls 29505->29506 29508 4fdae1 29506->29508 29510 44f6c8 _wcsupr_s_l_stat 5 API calls 29508->29510 29509->29503 29511 4fdaf9 29510->29511 29511->28968 29512->29509 29514 422870 _Immortalize 29513->29514 29515 4175c0 _Immortalize 69 API calls 29514->29515 29516 422879 29515->29516 29516->29030 29540 451d90 29517->29540 29519 48327c GetSystemDirectoryW 29520 45508b __wsplitpath 69 API calls 29519->29520 29521 4832b6 PathAddBackslashW GetVolumeInformationW 29520->29521 29522 44f6c8 _wcsupr_s_l_stat 5 API calls 29521->29522 29523 4832ea 29522->29523 29524 483370 GetAdaptersAddresses 29523->29524 29525 44fbd9 _malloc 69 API calls 29524->29525 29526 4833dd 29525->29526 29527 4833e9 _Immortalize 29526->29527 29528 483412 GetAdaptersAddresses 29526->29528 29531 4175c0 _Immortalize 69 API calls 29527->29531 29529 4834c7 29528->29529 29537 48342d 29528->29537 29530 44fafc ___free_lc_time 69 API calls 29529->29530 29532 4834de _Immortalize 29530->29532 29533 4833fa 29531->29533 29534 417910 _Immortalize 77 API calls 29532->29534 29535 44f6c8 _wcsupr_s_l_stat 5 API calls 29533->29535 29534->29533 29536 48351e 29535->29536 29536->29041 29537->29529 29538 48349d wsprintfW 29537->29538 29538->29537 29539->29044 29541 451d9c __VEC_memzero 29540->29541 29541->29519 29541->29541 29543 4f4b89 _Immortalize 29542->29543 29544 4175c0 _Immortalize 69 API calls 29543->29544 29545 4f4b95 29544->29545 29545->29055 29547 4f4bdb _memset __write_nolock 29546->29547 29548 4f4c02 GetVolumeInformationW 29547->29548 29549 451d90 _memset 29548->29549 29550 4f4c49 GetAdaptersInfo 29549->29550 29551 4f4c60 _memset 29550->29551 29552 4f4cca StringFromGUID2 29551->29552 29553 4f4cee _Immortalize 29552->29553 29554 417910 _Immortalize 77 API calls 29553->29554 29555 4f4d01 29554->29555 29556 4181d0 _Immortalize 77 API calls 29555->29556 29557 4f4d1d 29556->29557 29558 4176e0 codecvt 69 API calls 29557->29558 29561 4f4d2f _Immortalize 29558->29561 29559 4f4d8e _Immortalize 29562 44f6c8 _wcsupr_s_l_stat 5 API calls 29559->29562 29560 417a20 std::ios_base::clear 77 API calls 29560->29561 29561->29559 29561->29560 29563 4f4db1 29562->29563 29563->29056 29565 41c3f6 29564->29565 29566 41c3cc 29564->29566 29565->29095 29570 5015e0 29566->29570 29569 44fae5 _Immortalize 76 API calls 29569->29565 29573 41c750 29570->29573 29574 41c780 _Immortalize 29573->29574 29577 41cf00 29574->29577 29578 41cf37 _Immortalize allocator 29577->29578 29581 41d800 29578->29581 29580 41c3ec 29580->29569 29582 41e630 _Immortalize 77 API calls 29581->29582 29583 41d80f HandleT _Immortalize 29582->29583 29583->29580 29591 41cf70 29584->29591 29586 41c9e9 std::_Cnd_initX Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 29587 41ca23 29586->29587 29594 41cc50 77 API calls 29586->29594 29587->29097 29589->29101 29590->29101 29595 41d870 29591->29595 29593 41cf83 _DebugHeapAllocator 29593->29586 29594->29587 29598 41d881 HandleT std::_Cnd_initX _Immortalize 29595->29598 29596 41d8ee 29596->29593 29598->29596 29599 41cc50 77 API calls 29598->29599 29599->29598 29601 442ff6 29600->29601 29602 442fcc 29600->29602 29601->29106 29606 48fff0 69 API calls 2 library calls 29602->29606 29604 442fec 29605 44fae5 _Immortalize 76 API calls 29604->29605 29605->29601 29606->29604 29608 491ff4 29607->29608 29674 491fea 29607->29674 29684 433e30 29608->29684 29610 44f6c8 _wcsupr_s_l_stat 5 API calls 29611 492463 29610->29611 29611->29143 29611->29144 29612 492006 _Immortalize Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 29613 417910 _Immortalize 77 API calls 29612->29613 29614 49203e 29613->29614 29688 433fc0 29614->29688 29618 492087 29705 443640 29618->29705 29674->29610 29683 4911a9 29680->29683 29681 4911f3 29681->29143 29682 491160 102 API calls 29682->29683 29683->29681 29683->29682 29685 433e60 _Immortalize 29684->29685 29719 4364f0 29685->29719 29689 417660 allocator 77 API calls 29688->29689 29690 433ff2 29689->29690 29691 432780 29690->29691 29692 432791 HandleT std::_Cnd_initX 29691->29692 29693 432815 29692->29693 29741 41cc50 77 API calls 29692->29741 29694 432819 29693->29694 29697 432850 _DebugHeapAllocator 29693->29697 29695 433210 77 API calls 29694->29695 29701 43283a 29695->29701 29698 432882 29697->29698 29700 432864 HandleT std::_Cnd_initX Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 29697->29700 29729 433210 29698->29729 29742 41cc50 77 API calls 29700->29742 29701->29618 29703 4328e2 29703->29701 29720 436527 _Immortalize allocator 29719->29720 29723 43a690 29720->29723 29722 433e6d 29722->29612 29726 43a810 29723->29726 29725 43a69f HandleT 29725->29722 29727 433bf0 allocator 77 API calls 29726->29727 29728 43a84c HandleT allocator 29727->29728 29728->29725 29730 433241 29729->29730 29731 433289 29730->29731 29748 4134d0 77 API calls 3 library calls 29730->29748 29741->29692 29742->29703 29771 405140 77 API calls 29770->29771 29772 48c660 29771->29772 29773 48bd40 86 API calls 29772->29773 29774 48c669 29773->29774 29775 48c80c _Immortalize 29774->29775 29798 41f190 29774->29798 29775->29164 29795->29165 29796->29167 29797->29171 29799 41f1c3 _Immortalize 29798->29799 29847 41fec0 29799->29847 29850 420ba0 29847->29850 29853 4222f0 29850->29853 29854 422305 29853->29854 29855 4222fc 29853->29855 29854->29855 29857 417b30 _Allocate 69 API calls 29854->29857 29856 44f76f _Allocate 77 API calls 29855->29856 29858 420bb2 29856->29858 29859 42231c 29857->29859 29870->29181 27354 401fc0 27355 40200b codecvt 27354->27355 27363 40210c codecvt 27355->27363 27366 401030 RaiseException codecvt _Immortalize Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 27355->27366 27357 402047 codecvt 27358 4020b5 codecvt 27357->27358 27367 4cc8c0 27357->27367 27358->27363 27377 4f71a0 27358->27377 27360 402088 27397 44fafc 27360->27397 27364 402097 27410 47f670 27364->27410 27366->27357 27368 4cc8ed _Immortalize 27367->27368 27369 4cc95c GlobalAlloc 27368->27369 27376 4cc8fa codecvt 27368->27376 27370 4cc992 _realloc 27369->27370 27369->27376 27371 4cc9a3 CreateStreamOnHGlobal 27370->27371 27372 4cc9c3 Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 27371->27372 27371->27376 27372->27376 27424 430540 27372->27424 27374 4cc9e8 Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 27374->27376 27430 4cc870 114 API calls 27374->27430 27376->27360 27378 4f71ce 27377->27378 27379 4f71d3 _Immortalize 27377->27379 27380 44f6c8 _wcsupr_s_l_stat 5 API calls 27378->27380 27381 417910 _Immortalize 77 API calls 27379->27381 27382 4f7296 27380->27382 27383 4f71e8 _Immortalize 27381->27383 27382->27363 27384 4f7272 27383->27384 27877 49e5b0 27383->27877 27385 4176e0 codecvt 69 API calls 27384->27385 27385->27378 27392 49e5b0 3 API calls 27393 4f7257 27392->27393 27394 4176e0 codecvt 69 API calls 27393->27394 27395 4f7266 27394->27395 27396 4178c0 codecvt 69 API calls 27395->27396 27396->27384 27398 44fb08 __wfsopen 27397->27398 27399 44fb47 27398->27399 27400 44fb81 __wfsopen _realloc 27398->27400 27402 457dfc __lock 67 API calls 27398->27402 27399->27400 27401 44fb5c RtlFreeHeap 27399->27401 27400->27364 27401->27400 27403 44fb6e 27401->27403 27406 44fb1f ___sbh_find_block 27402->27406 27906 454477 69 API calls __getptd_noexit 27403->27906 27405 44fb73 GetLastError 27405->27400 27407 44fb39 27406->27407 27904 457e5f __VEC_memcpy VirtualFree VirtualFree HeapFree _memmove_s 27406->27904 27905 44fb52 LeaveCriticalSection __freefls@4 27407->27905 27411 47f6a5 std::_Iterator_base::_Iterator_base 27410->27411 27412 47f75a 27410->27412 27907 41eea0 27411->27907 27413 44f6c8 _wcsupr_s_l_stat 5 API calls 27412->27413 27415 47f785 27413->27415 27415->27358 27416 47f748 27918 41ef60 27416->27918 27418 47f6c8 _memset 27418->27416 27913 41ede0 27418->27913 27421 47f727 27421->27416 27917 452133 69 API calls _vscan_fn 27421->27917 27422 41ede0 RegQueryValueExW 27422->27421 27425 43057c 27424->27425 27429 430572 codecvt 27424->27429 27431 44f76f 27425->27431 27429->27374 27430->27376 27432 44f779 27431->27432 27434 4305a1 27432->27434 27439 44f795 std::bad_alloc::bad_alloc 27432->27439 27446 44fbd9 27432->27446 27463 456ffc 7 API calls __decode_pointer 27432->27463 27434->27429 27443 430710 27434->27443 27436 44f7bb 27467 417c20 69 API calls std::exception::exception 27436->27467 27438 44f7c5 27468 456a4c RaiseException 27438->27468 27439->27436 27464 44fae5 27439->27464 27442 44f7d3 27676 42fbc0 27443->27676 27447 44fc8c 27446->27447 27456 44fbeb 27446->27456 27521 456ffc 7 API calls __decode_pointer 27447->27521 27449 44fc92 27522 454477 69 API calls __getptd_noexit 27449->27522 27454 44fc48 RtlAllocateHeap 27454->27456 27456->27454 27457 44fc78 27456->27457 27460 44fc7d 27456->27460 27462 44fc84 27456->27462 27469 458a9e 69 API calls 2 library calls 27456->27469 27470 4588f3 27456->27470 27514 45799c 27456->27514 27517 44fb8a 69 API calls 4 library calls 27456->27517 27518 456ffc 7 API calls __decode_pointer 27456->27518 27519 454477 69 API calls __getptd_noexit 27457->27519 27520 454477 69 API calls __getptd_noexit 27460->27520 27462->27432 27463->27432 27596 44faa9 27464->27596 27466 44faf2 27466->27436 27467->27438 27468->27442 27469->27456 27471 458907 27470->27471 27513 458a62 27471->27513 27523 46590f 69 API calls __wfsopen 27471->27523 27473 458929 27474 458a67 GetStdHandle 27473->27474 27524 46590f 69 API calls __wfsopen 27473->27524 27476 458a75 27474->27476 27474->27513 27477 458a7a _strlen 27476->27477 27476->27513 27480 458a8e WriteFile 27477->27480 27478 45893a 27478->27474 27479 45894c 27478->27479 27479->27513 27525 457024 69 API calls __wfsopen 27479->27525 27480->27513 27482 45896e 27483 458975 27482->27483 27484 458982 GetModuleFileNameA 27482->27484 27556 45567d 10 API calls 3 library calls 27483->27556 27486 4589a0 27484->27486 27491 4589c6 _strlen 27484->27491 27557 457024 69 API calls __wfsopen 27486->27557 27487 45897f 27487->27484 27489 4589b0 27490 4589b7 27489->27490 27489->27491 27558 45567d 10 API calls 3 library calls 27490->27558 27492 458a0b 27491->27492 27559 46585a 69 API calls __wfsopen 27491->27559 27526 4657e6 69 API calls __wfsopen 27492->27526 27495 4589c3 27495->27491 27496 458a19 27498 458a20 27496->27498 27499 458a2d 27496->27499 27561 45567d 10 API calls 3 library calls 27498->27561 27527 4657e6 69 API calls __wfsopen 27499->27527 27500 4589f3 27500->27492 27503 4589fa 27500->27503 27560 45567d 10 API calls 3 library calls 27503->27560 27504 458a2a 27504->27499 27505 458a3e 27507 458a45 27505->27507 27508 458a52 27505->27508 27562 45567d 10 API calls 3 library calls 27507->27562 27528 46567d 27508->27528 27509 458a06 27509->27492 27512 458a4f 27512->27508 27513->27456 27592 457971 GetModuleHandleW 27514->27592 27517->27456 27518->27456 27519->27460 27520->27462 27521->27449 27522->27462 27523->27473 27524->27478 27525->27482 27526->27496 27527->27505 27563 45716e 27528->27563 27531 4656a0 LoadLibraryA 27533 4656b5 GetProcAddress 27531->27533 27534 4657ca 27531->27534 27532 46572e 27551 465752 27532->27551 27578 457177 TlsGetValue 27532->27578 27533->27534 27536 4656cb 27533->27536 27534->27513 27535 46577d 27540 457177 __decode_pointer 7 API calls 27535->27540 27566 4570fc TlsGetValue 27536->27566 27537 457177 __decode_pointer 7 API calls 27548 465795 27537->27548 27540->27534 27543 457177 __decode_pointer 7 API calls 27543->27551 27544 4570fc __encode_pointer 7 API calls 27545 4656e6 GetProcAddress 27544->27545 27546 4570fc __encode_pointer 7 API calls 27545->27546 27547 4656fb GetProcAddress 27546->27547 27549 4570fc __encode_pointer 7 API calls 27547->27549 27548->27535 27550 457177 __decode_pointer 7 API calls 27548->27550 27552 465710 27549->27552 27550->27535 27551->27535 27551->27537 27552->27532 27553 46571a GetProcAddress 27552->27553 27554 4570fc __encode_pointer 7 API calls 27553->27554 27555 465728 27554->27555 27555->27532 27556->27487 27557->27489 27558->27495 27559->27500 27560->27509 27561->27504 27562->27512 27564 4570fc __encode_pointer 7 API calls 27563->27564 27565 457175 27564->27565 27565->27531 27565->27532 27567 457135 GetModuleHandleW 27566->27567 27568 457114 27566->27568 27570 457145 27567->27570 27571 457150 GetProcAddress 27567->27571 27568->27567 27569 45711e TlsGetValue 27568->27569 27577 457129 27569->27577 27590 457918 Sleep GetModuleHandleW 27570->27590 27573 45712d 27571->27573 27575 457160 RtlEncodePointer 27573->27575 27576 457168 GetProcAddress 27573->27576 27574 45714b 27574->27571 27574->27576 27575->27576 27576->27544 27577->27567 27577->27573 27579 4571b0 GetModuleHandleW 27578->27579 27580 45718f 27578->27580 27582 4571c0 27579->27582 27583 4571cb GetProcAddress 27579->27583 27580->27579 27581 457199 TlsGetValue 27580->27581 27588 4571a4 27581->27588 27591 457918 Sleep GetModuleHandleW 27582->27591 27585 4571a8 27583->27585 27586 4571e3 27585->27586 27587 4571db RtlDecodePointer 27585->27587 27586->27543 27587->27586 27588->27579 27588->27585 27589 4571c6 27589->27583 27589->27586 27590->27574 27591->27589 27593 457985 GetProcAddress 27592->27593 27594 45799a ExitProcess 27592->27594 27593->27594 27595 457995 27593->27595 27595->27594 27597 44fab5 __wfsopen 27596->27597 27604 4579b4 27597->27604 27603 44fad6 __wfsopen 27603->27466 27628 457dfc 27604->27628 27606 44faba 27607 44f9be 27606->27607 27608 457177 __decode_pointer 7 API calls 27607->27608 27609 44f9d2 27608->27609 27610 457177 __decode_pointer 7 API calls 27609->27610 27611 44f9e2 27610->27611 27622 44fa65 27611->27622 27673 457875 70 API calls 4 library calls 27611->27673 27613 44fa00 27616 44fa2a 27613->27616 27617 44fa1b 27613->27617 27626 44fa4c 27613->27626 27614 4570fc __encode_pointer 7 API calls 27615 44fa5a 27614->27615 27619 4570fc __encode_pointer 7 API calls 27615->27619 27618 44fa24 27616->27618 27616->27622 27674 4577d5 75 API calls _realloc 27617->27674 27618->27616 27624 44fa40 27618->27624 27675 4577d5 75 API calls _realloc 27618->27675 27619->27622 27627 44fadf LeaveCriticalSection _Immortalize 27622->27627 27623 44fa3a 27623->27622 27623->27624 27625 4570fc __encode_pointer 7 API calls 27624->27625 27625->27626 27626->27614 27627->27603 27629 457e24 EnterCriticalSection 27628->27629 27630 457e11 27628->27630 27629->27606 27635 457d39 27630->27635 27632 457e17 27632->27629 27661 457948 69 API calls 3 library calls 27632->27661 27634 457e23 27634->27629 27636 457d45 __wfsopen 27635->27636 27649 457d6b 27636->27649 27662 458a9e 69 API calls 2 library calls 27636->27662 27639 457d5a 27640 4588f3 __NMSG_WRITE 69 API calls 27639->27640 27643 457d61 27640->27643 27642 457d7b __wfsopen 27642->27632 27646 45799c _malloc 3 API calls 27643->27646 27644 457d8d 27669 454477 69 API calls __getptd_noexit 27644->27669 27645 457d9c 27648 457dfc __lock 69 API calls 27645->27648 27646->27649 27650 457da3 27648->27650 27649->27642 27663 457744 27649->27663 27651 457dd7 27650->27651 27652 457dab 27650->27652 27654 44fafc ___free_lc_time 69 API calls 27651->27654 27670 46561d InitializeCriticalSectionAndSpinCount __wfsopen 27652->27670 27656 457dc8 27654->27656 27655 457db6 27655->27656 27657 44fafc ___free_lc_time 69 API calls 27655->27657 27672 457df3 LeaveCriticalSection __freefls@4 27656->27672 27659 457dc2 27657->27659 27671 454477 69 API calls __getptd_noexit 27659->27671 27661->27634 27662->27639 27666 45774d 27663->27666 27664 44fbd9 _malloc 68 API calls 27664->27666 27665 457783 27665->27644 27665->27645 27666->27664 27666->27665 27667 457764 Sleep 27666->27667 27668 457779 27667->27668 27668->27665 27668->27666 27669->27642 27670->27655 27671->27656 27672->27642 27673->27613 27674->27618 27675->27623 27677 42fbf0 _Immortalize 27676->27677 27688 4175c0 27677->27688 27679 42fc1f _Immortalize 27691 4cc800 27679->27691 27681 42fc40 27695 417910 27681->27695 27705 417580 27688->27705 27692 4cc81f _wcscpy 27691->27692 27693 4cc80e 27691->27693 27692->27681 27693->27692 27714 4f8180 27693->27714 27815 417880 27695->27815 27698 4181d0 27699 4181df 27698->27699 27868 4181b0 27699->27868 27702 4176e0 27874 4178c0 27702->27874 27706 417595 _Immortalize allocator 27705->27706 27709 417e70 27706->27709 27708 4175a9 27708->27679 27710 417e83 27709->27710 27712 417e81 codecvt std::ios_base::clear 27709->27712 27710->27712 27713 418000 69 API calls __mbstowcs_l 27710->27713 27712->27708 27713->27712 27715 4f81f9 27714->27715 27718 4f81b1 _Immortalize 27714->27718 27729 44f6c8 27715->27729 27717 4f8211 27717->27692 27719 4175c0 _Immortalize 69 API calls 27718->27719 27720 4f81c2 27719->27720 27724 4f80e0 27720->27724 27722 4f81dd _wcscpy 27723 4176e0 codecvt 69 API calls 27722->27723 27723->27715 27737 4f78f0 27724->27737 27728 4f810b _Immortalize 27728->27722 27730 44f6d0 27729->27730 27731 44f6d2 IsDebuggerPresent 27729->27731 27730->27717 27814 462ed7 27731->27814 27734 456fb4 SetUnhandledExceptionFilter UnhandledExceptionFilter 27735 456fd1 __invoke_watson 27734->27735 27736 456fd9 GetCurrentProcess TerminateProcess 27734->27736 27735->27736 27736->27717 27775 4f7700 27737->27775 27740 4f797a 27741 4f7a69 27740->27741 27742 4f7a87 _Immortalize 27740->27742 27797 422290 77 API calls _Immortalize 27741->27797 27758 417910 _Immortalize 77 API calls 27742->27758 27743 4f799f 27752 495d00 80 API calls 27743->27752 27744 4f79bf 27796 4f77c0 81 API calls 3 library calls 27744->27796 27745 4f796b 27779 495d00 27745->27779 27746 4f7985 27751 495d00 80 API calls 27746->27751 27747 4f79f4 GetTempPathW 27747->27740 27750 4f7a1d _Immortalize 27747->27750 27762 417910 _Immortalize 77 API calls 27750->27762 27751->27740 27756 4f79ae 27752->27756 27754 4f79ce 27759 495d00 80 API calls 27754->27759 27763 4f79e6 27754->27763 27755 4f7a72 27798 4130d0 27755->27798 27756->27740 27756->27744 27761 4f7aa5 27758->27761 27759->27763 27760 4f79f2 27760->27740 27764 4181d0 _Immortalize 77 API calls 27761->27764 27765 4f7a3b 27762->27765 27763->27747 27763->27760 27766 4f7abb 27764->27766 27767 4181d0 _Immortalize 77 API calls 27765->27767 27768 4176e0 codecvt 69 API calls 27766->27768 27769 4f7a51 27767->27769 27770 4f7a85 _Immortalize 27768->27770 27772 4176e0 codecvt 69 API calls 27769->27772 27771 44f6c8 _wcsupr_s_l_stat 5 API calls 27770->27771 27773 4f7aed 27771->27773 27772->27740 27774 4f7bc0 111 API calls 3 library calls 27773->27774 27774->27728 27776 4f7715 27775->27776 27777 4f772b 27775->27777 27776->27777 27801 494f20 27776->27801 27777->27740 27777->27743 27777->27744 27777->27745 27777->27746 27777->27747 27780 495d33 _memset 27779->27780 27781 495d5b SHGetFolderPathW 27780->27781 27782 495df0 27781->27782 27783 495d84 27781->27783 27804 417a20 27782->27804 27785 495d9b PathRemoveBackslashW 27783->27785 27786 495d8c PathAddBackslashW 27783->27786 27788 495da8 _Immortalize 27785->27788 27786->27788 27787 495dee 27789 44f6c8 _wcsupr_s_l_stat 5 API calls 27787->27789 27791 417910 _Immortalize 77 API calls 27788->27791 27790 495e1a 27789->27790 27790->27740 27792 495dc6 27791->27792 27793 4181d0 _Immortalize 77 API calls 27792->27793 27794 495ddc 27793->27794 27795 4176e0 codecvt 69 API calls 27794->27795 27795->27787 27796->27754 27797->27755 27810 4130a0 27798->27810 27802 494af0 6 API calls 27801->27802 27803 494f28 27802->27803 27803->27777 27805 417a34 27804->27805 27807 417a39 _Immortalize 27804->27807 27806 44f67a std::ios_base::clear 77 API calls 27805->27806 27806->27807 27808 4179f0 std::ios_base::clear 69 API calls 27807->27808 27809 417a99 std::ios_base::clear 27807->27809 27808->27809 27809->27787 27811 4130b0 _Immortalize 27810->27811 27812 412fc0 _Immortalize 77 API calls 27811->27812 27813 4130c0 27812->27813 27813->27770 27814->27734 27816 417895 _Immortalize allocator 27815->27816 27817 417e70 codecvt 69 API calls 27816->27817 27818 4178a9 27817->27818 27821 417850 27818->27821 27822 417860 _Immortalize 27821->27822 27825 4177a0 27822->27825 27824 417870 27824->27698 27826 4177b3 std::locale::_Locimp::_Addfac 27825->27826 27827 4177ba _Immortalize 27826->27827 27828 4177dc 27826->27828 27843 4180c0 27827->27843 27834 417ef0 27828->27834 27831 4177ea _Immortalize 27833 4177da std::ios_base::clear 27831->27833 27856 418000 69 API calls __mbstowcs_l 27831->27856 27833->27824 27835 417f01 std::ios_base::clear 27834->27835 27836 417f0b 27835->27836 27865 44f642 77 API calls 3 library calls 27835->27865 27838 417f16 27836->27838 27841 417f2b 27836->27841 27857 417cf0 27838->27857 27840 417f29 std::ios_base::clear 27840->27831 27841->27840 27842 417e70 codecvt 69 API calls 27841->27842 27842->27840 27844 4180d1 _Immortalize 27843->27844 27846 4180db _Immortalize 27844->27846 27866 44f67a 77 API calls 3 library calls 27844->27866 27847 418124 27846->27847 27848 4180ff 27846->27848 27849 417ef0 std::ios_base::clear 77 API calls 27847->27849 27850 417a20 std::ios_base::clear 77 API calls 27848->27850 27854 418132 _Immortalize 27849->27854 27851 418114 27850->27851 27853 417a20 std::ios_base::clear 77 API calls 27851->27853 27852 418122 std::ios_base::clear 27852->27833 27853->27852 27854->27852 27867 418000 69 API calls __mbstowcs_l 27854->27867 27856->27833 27858 417d30 std::ios_base::clear 27857->27858 27859 417cd0 allocator 77 API calls 27858->27859 27861 417d9d _Immortalize 27859->27861 27860 417e70 codecvt 69 API calls 27863 417e32 std::ios_base::clear 27860->27863 27862 418000 std::locale::_Locimp::_Addfac 69 API calls 27861->27862 27864 417e23 27861->27864 27862->27864 27863->27840 27864->27860 27867->27852 27871 418180 27868->27871 27872 4180c0 allocator 77 API calls 27871->27872 27873 41819b 27872->27873 27873->27702 27875 417e70 codecvt 69 API calls 27874->27875 27876 417728 27875->27876 27876->27429 27878 49e5bc _Immortalize 27877->27878 27879 49e5d3 _Immortalize 27877->27879 27880 49e5cc SetFileAttributesW 27878->27880 27881 49e5de DeleteFileW 27879->27881 27880->27879 27882 49e5e9 GetLastError 27881->27882 27883 49e5f8 27881->27883 27882->27883 27884 405260 27883->27884 27885 40529b allocator 27884->27885 27892 406b90 27885->27892 27888 409810 27889 40983e _Immortalize 27888->27889 27898 40a3c0 27889->27898 27893 406ba5 _Immortalize allocator 27892->27893 27894 417e70 codecvt 69 API calls 27893->27894 27895 406bb9 27894->27895 27896 4180c0 allocator 77 API calls 27895->27896 27897 4052b0 27896->27897 27897->27888 27899 40a3d1 _Immortalize 27898->27899 27900 417e70 codecvt 69 API calls 27899->27900 27901 40a3e5 27900->27901 27902 4177a0 std::locale::_Locimp::_Addfac 77 API calls 27901->27902 27903 409853 27902->27903 27903->27392 27904->27407 27905->27399 27906->27405 27908 41eea9 27907->27908 27908->27908 27909 41eeb1 RegOpenKeyExW 27908->27909 27910 41eed9 27909->27910 27911 41eee1 27909->27911 27921 41ef10 27910->27921 27911->27418 27914 41ede9 27913->27914 27914->27914 27915 41edf1 RegQueryValueExW 27914->27915 27916 41ee2b 27915->27916 27916->27421 27916->27422 27917->27416 27919 41ef10 RegCloseKey 27918->27919 27920 41ef6f 27919->27920 27920->27412 27922 41ef40 27921->27922 27923 41ef28 RegCloseKey 27921->27923 27922->27911 27923->27922 31247 423ad0 31248 423b26 31247->31248 31249 423afc 31247->31249 31253 4f8400 31249->31253 31251 423b1c 31252 44fae5 _Immortalize 76 API calls 31251->31252 31252->31248 31254 4f8430 _Immortalize 31253->31254 31255 4175c0 _Immortalize 69 API calls 31254->31255 31256 4f844d InitializeCriticalSection 31255->31256 31256->31251 28539 4231e0 28542 4edd10 28539->28542 28543 4edd2d 28542->28543 28544 4edd20 InternetCloseHandle 28542->28544 28545 4edd35 InternetCloseHandle 28543->28545 28546 4231ef 28543->28546 28544->28543 28545->28546 30625 4041f0 30626 404211 30625->30626 30633 40420c 30625->30633 30627 40423f 30626->30627 30761 4f1cb0 121 API calls 3 library calls 30626->30761 30631 404282 30627->30631 30627->30633 30635 4f3180 30627->30635 30631->30633 30634 4042c2 30631->30634 30684 4f3900 30631->30684 30634->30633 30762 403620 117 API calls 30634->30762 30636 4f31b9 _Immortalize 30635->30636 30637 4175c0 _Immortalize 69 API calls 30636->30637 30638 4f31c2 30637->30638 30639 4f31cf _Immortalize 30638->30639 30640 4f320c 30638->30640 30643 417910 _Immortalize 77 API calls 30639->30643 30641 416600 111 API calls 30640->30641 30642 4f321e 30641->30642 30763 4f2770 30642->30763 30644 4f31e4 30643->30644 30646 4181d0 _Immortalize 77 API calls 30644->30646 30648 4f31f4 30646->30648 30647 4f322c 30649 4f3233 30647->30649 30650 4f3251 30647->30650 30653 4176e0 codecvt 69 API calls 30648->30653 30651 4176e0 codecvt 69 API calls 30649->30651 30779 4f2350 90 API calls 30650->30779 30681 4f3249 30651->30681 30655 4f3200 SysFreeString 30653->30655 30654 4f325c 30656 4f326b _Immortalize 30654->30656 30780 4f2370 90 API calls 2 library calls 30654->30780 30655->30642 30660 417910 _Immortalize 77 API calls 30656->30660 30658 44f6c8 _wcsupr_s_l_stat 5 API calls 30659 4f339d 30658->30659 30659->30631 30661 4f3287 30660->30661 30662 501ce0 77 API calls 30661->30662 30663 4f329e 30662->30663 30664 501530 77 API calls 30663->30664 30665 4f32a5 30664->30665 30666 4224b0 codecvt 69 API calls 30665->30666 30667 4f32da 30666->30667 30668 4176e0 codecvt 69 API calls 30667->30668 30669 4f32e9 30668->30669 30670 4f334e 30669->30670 30781 416a10 VariantInit 30669->30781 30784 4049b0 76 API calls _Immortalize 30670->30784 30673 4f3353 30785 4f30e0 131 API calls _Immortalize 30673->30785 30675 4f3342 30783 417430 VariantClear 30675->30783 30677 4f3369 30679 4176e0 codecvt 69 API calls 30677->30679 30678 4f32f7 30678->30675 30680 404820 _Immortalize 76 API calls 30678->30680 30679->30681 30682 4f333b 30680->30682 30681->30658 30782 4048a0 77 API calls 2 library calls 30682->30782 30689 4f3938 30684->30689 30685 4f3da4 30696 4f3e6c 30685->30696 30890 416a50 30685->30890 30686 4f3951 30688 44f6c8 _wcsupr_s_l_stat 5 API calls 30686->30688 30687 4f3ab5 _memset codecvt 30687->30685 31009 416a10 VariantInit 30687->31009 30692 4f3ec8 30688->30692 30689->30686 30689->30687 30882 4d5110 30689->30882 30692->30634 30694 4f3dc9 _Immortalize 30701 417910 _Immortalize 77 API calls 30694->30701 30696->30686 31016 4efd20 PostMessageW GetParent SendMessageW _Immortalize 30696->31016 30699 4f3c81 SHBrowseForFolderW 30703 4f3ce7 SHGetPathFromIDListW 30699->30703 30704 4f3d92 30699->30704 30700 4f3995 30998 49c910 124 API calls 30700->30998 30706 4f3dee 30701->30706 30702 4f3c34 _wcscpy 30702->30699 30703->30704 30709 4f3d03 30703->30709 31012 417430 VariantClear 30704->31012 30895 4f2a70 30706->30895 30712 4f3d0d StrStrIW 30709->30712 30711 4176e0 codecvt 69 API calls 30724 4f3e23 _Immortalize 30711->30724 30713 4f3d1f PathAddBackslashW 30712->30713 30718 4f3d36 _wcscat 30712->30718 30713->30718 30714 4f39a2 30715 4f3a08 _Immortalize 30714->30715 30999 416210 GetParent _DebugHeapAllocator 30714->30999 30725 417910 _Immortalize 77 API calls 30715->30725 30717 4f3e5a 31015 417300 SysFreeString 30717->31015 31010 4169e0 SysAllocString VariantClear RaiseException 30718->31010 30720 4f39d4 31000 416be0 GetWindowLongW 30720->31000 30721 4f3d58 31011 417430 VariantClear 30721->31011 30724->30717 31013 415f90 SysFreeString SysAllocString RaiseException Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 30724->31013 30728 4f3a24 30725->30728 30726 4f39db 31001 416210 GetParent _DebugHeapAllocator 30726->31001 30735 501ce0 77 API calls 30728->30735 30731 4f3e4b 31014 415f50 SysStringByteLen SysAllocStringByteLen SysAllocStringByteLen 30731->31014 30732 4f3a01 31002 415ff0 SetWindowLongW 30732->31002 30736 4f3a42 30735->30736 31003 5018f0 77 API calls codecvt 30736->31003 30738 4f3a49 30739 4176e0 codecvt 69 API calls 30738->30739 30740 4f3a5b 30739->30740 30741 4f3ac9 30740->30741 30746 4f3a61 _Immortalize Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 30740->30746 30742 417660 allocator 77 API calls 30741->30742 30745 4f3af0 _Immortalize 30742->30745 30743 4f3bf1 30744 4176e0 codecvt 69 API calls 30743->30744 30744->30687 30745->30743 30748 4175c0 _Immortalize 69 API calls 30745->30748 30746->30687 31004 404ae0 77 API calls _Immortalize 30746->31004 30750 4f3b52 30748->30750 30749 4f3aae 31005 4f9110 126 API calls 5 library calls 30749->31005 31006 405370 111 API calls __CxxThrowException@8 30750->31006 30753 4f3b6b 31007 4051a0 77 API calls 30753->31007 30755 4f3ba4 30756 4181d0 _Immortalize 77 API calls 30755->30756 30757 4f3bcd 30756->30757 31008 4f0b90 84 API calls _Immortalize 30757->31008 30759 4f3be5 30760 4176e0 codecvt 69 API calls 30759->30760 30760->30743 30761->30627 30762->30633 30764 404820 _Immortalize 76 API calls 30763->30764 30765 4f279d _Immortalize 30764->30765 30766 4f283b codecvt 30765->30766 30786 4f06e0 6 API calls 3 library calls 30765->30786 30766->30647 30768 4f27e3 30768->30766 30787 416a10 VariantInit 30768->30787 30770 4f27f2 30771 404820 _Immortalize 76 API calls 30770->30771 30772 4f281d 30771->30772 30788 4d9ef0 30772->30788 30775 4f284f 30805 417430 VariantClear 30775->30805 30776 4f282b 30804 417430 VariantClear 30776->30804 30779->30654 30780->30656 30781->30678 30782->30675 30783->30670 30784->30673 30785->30677 30786->30768 30787->30770 30806 4d63e0 30788->30806 30791 4d9f2d 30831 4227c0 30791->30831 30792 4d9f4e _Immortalize 30795 417910 _Immortalize 77 API calls 30792->30795 30798 4d9f63 30795->30798 30797 4d9f47 30797->30775 30797->30776 30799 4181d0 _Immortalize 77 API calls 30798->30799 30800 4d9f79 30799->30800 30801 4176e0 codecvt 69 API calls 30800->30801 30802 4d9f88 30801->30802 30838 422290 77 API calls _Immortalize 30802->30838 30804->30766 30805->30766 30809 4d641b _Immortalize 30806->30809 30824 4d6425 30806->30824 30807 44f6c8 _wcsupr_s_l_stat 5 API calls 30808 4d6606 30807->30808 30808->30791 30808->30792 30810 4175c0 _Immortalize 69 API calls 30809->30810 30809->30824 30811 4d6491 _Immortalize 30810->30811 30812 417910 _Immortalize 77 API calls 30811->30812 30814 4d64ad 30812->30814 30813 4d6560 30815 49e7e0 _Immortalize 71 API calls 30813->30815 30814->30813 30818 405260 77 API calls 30814->30818 30822 409880 77 API calls 30814->30822 30825 4178c0 codecvt 69 API calls 30814->30825 30826 49e7e0 _Immortalize 71 API calls 30814->30826 30839 49e610 30814->30839 30816 4d656b 30815->30816 30817 4d65cd 30816->30817 30820 4181d0 _Immortalize 77 API calls 30816->30820 30819 4176e0 codecvt 69 API calls 30817->30819 30818->30814 30821 4d65df 30819->30821 30830 4d658b 30820->30830 30823 4176e0 codecvt 69 API calls 30821->30823 30822->30814 30823->30824 30824->30807 30825->30814 30826->30814 30827 417a20 std::ios_base::clear 77 API calls 30827->30830 30830->30817 30830->30827 30845 49e590 30830->30845 30832 422816 30831->30832 30833 4227ec 30831->30833 30837 4cd8f0 150 API calls _wcsupr_s_l_stat 30832->30837 30858 4f1500 30833->30858 30836 44fae5 _Immortalize 76 API calls 30836->30832 30837->30797 30838->30797 30849 416a30 30839->30849 30841 49e621 CreateDirectoryW 30842 49e631 30841->30842 30843 49e642 30841->30843 30842->30843 30844 49e637 GetLastError 30842->30844 30843->30814 30844->30843 30846 49e59e _Immortalize 30845->30846 30851 455218 RemoveDirectoryW 30846->30851 30848 49e5a4 30848->30830 30850 416a3f _Immortalize 30849->30850 30850->30841 30852 455232 30851->30852 30853 45522a GetLastError 30851->30853 30854 455244 30852->30854 30857 45449d 69 API calls 3 library calls 30852->30857 30853->30852 30854->30848 30856 45523e 30856->30848 30857->30856 30859 4f1533 _Immortalize 30858->30859 30860 44f76f _Allocate 77 API calls 30859->30860 30861 4f1592 30860->30861 30863 4f15aa 30861->30863 30880 4f1000 77 API calls _Immortalize 30861->30880 30864 4098d0 _Immortalize 77 API calls 30863->30864 30865 4f15f8 30864->30865 30866 409810 _Immortalize 77 API calls 30865->30866 30867 4f1614 30866->30867 30868 4178c0 codecvt 69 API calls 30867->30868 30869 4f1620 30868->30869 30870 49e7e0 _Immortalize 71 API calls 30869->30870 30871 4f162b 30870->30871 30872 44f76f _Allocate 77 API calls 30871->30872 30876 4f1657 30871->30876 30873 4f163f 30872->30873 30873->30876 30881 405010 69 API calls _Immortalize 30873->30881 30874 4176e0 codecvt 69 API calls 30875 4f168b 30874->30875 30877 44f6c8 _wcsupr_s_l_stat 5 API calls 30875->30877 30876->30874 30879 42280c 30877->30879 30879->30836 30880->30863 30881->30876 30883 4d5119 30882->30883 30884 4d5123 30882->30884 31027 41eff0 GetUserDefaultLCID GetUserDefaultUILanguage 30883->31027 30886 4d514b 30884->30886 31017 4246a0 30884->31017 30997 416210 GetParent _DebugHeapAllocator 30886->30997 30891 416a68 SysAllocString 30890->30891 30892 416a5d 30890->30892 30893 416a7f Concurrency::details::ThreadVirtualProcessor::ThreadVirtualProcessor 30891->30893 30892->30694 30893->30892 31072 417470 RaiseException _DebugHeapAllocator __CxxThrowException@8 30893->31072 30896 4f2ab3 _Immortalize 30895->30896 30897 4175c0 _Immortalize 69 API calls 30896->30897 30898 4f2abf 30897->30898 31073 4f0440 77 API calls 3 library calls 30898->31073 30900 4f2bf4 31074 404150 69 API calls _Immortalize 30900->31074 30902 4f2ae1 30902->30900 31127 4099f0 77 API calls 30902->31127 30903 4f2bfc 31075 4f19a0 77 API calls 4 library calls 30903->31075 30906 4f2c1f _Immortalize 30908 4175c0 _Immortalize 69 API calls 30906->30908 30907 4f2b2c 30907->30900 30909 4f2bce 30907->30909 30911 4f2c3a _Immortalize 30908->30911 30912 4176e0 codecvt 69 API calls 30909->30912 30910 4f2b22 30910->30907 31128 4099f0 77 API calls 30910->31128 30915 416600 111 API calls 30911->30915 30965 4f2be9 30912->30965 30914 44f6c8 _wcsupr_s_l_stat 5 API calls 30917 4f30d3 30914->30917 30918 4f2c6f _Immortalize 30915->30918 30916 4f2b6e 30916->30907 31129 4099f0 77 API calls 30916->31129 30917->30711 31076 4162c0 30918->31076 30922 4176e0 codecvt 69 API calls 30923 4f2c9a 30922->30923 31080 4f0440 77 API calls 3 library calls 30923->31080 30925 4f2cb8 30926 4f2cc3 30925->30926 30927 4f2e51 30925->30927 31081 4099f0 77 API calls 30926->31081 31132 4f0440 77 API calls 3 library calls 30927->31132 30929 4f2e6c 30931 4f2ebd 30929->30931 30932 4f2e73 _Immortalize 30929->30932 31133 4f0440 77 API calls 3 library calls 30931->31133 30937 417910 _Immortalize 77 API calls 30932->30937 30934 4f2edb 30935 4f2fb6 30934->30935 30936 4f2ee6 30934->30936 30938 4176e0 codecvt 69 API calls 30935->30938 30949 409760 77 API calls 30936->30949 30940 4f2e8f 30937->30940 30943 4f2fce 30938->30943 30939 4f2cf9 30951 4f2d03 30939->30951 31130 4099f0 77 API calls 30939->31130 30945 4181d0 _Immortalize 77 API calls 30940->30945 30941 4f2d59 30942 4176e0 codecvt 69 API calls 30941->30942 30947 4f2d71 30942->30947 31136 404e10 69 API calls codecvt 30943->31136 30946 4f2ea2 30945->30946 30952 4176e0 codecvt 69 API calls 30946->30952 31131 404e10 69 API calls codecvt 30947->31131 30948 4f2d9a _Immortalize 30954 4175c0 _Immortalize 69 API calls 30948->30954 30955 4f2f23 30949->30955 30951->30941 30951->30948 30957 4f2e4c 30952->30957 30959 4f2db1 30954->30959 30960 409880 77 API calls 30955->30960 30956 4f2fda 30961 4176e0 codecvt 69 API calls 30956->30961 30966 4f2fff 30957->30966 30977 4f3016 30957->30977 30958 4f2d7d 30962 4176e0 codecvt 69 API calls 30958->30962 31082 4f0440 77 API calls 3 library calls 30959->31082 30964 4f2f4b 30960->30964 30961->30965 30962->30965 30968 4178c0 codecvt 69 API calls 30964->30968 30965->30914 31137 404fc0 77 API calls _Immortalize 30966->31137 30967 4f2dd3 30970 4181d0 _Immortalize 77 API calls 30967->30970 30971 4f2f5a 30968->30971 30974 4f2de2 30970->30974 31134 405340 80 API calls _Immortalize 30971->31134 30973 4f3014 30982 4176e0 codecvt 69 API calls 30973->30982 31083 4f24a0 30974->31083 30975 4f2f67 31135 4f0e80 111 API calls 3 library calls 30975->31135 30976 4f305f 31139 404fc0 77 API calls _Immortalize 30976->31139 30977->30976 31138 4067e0 77 API calls _Immortalize 30977->31138 30985 4f309a 30982->30985 30983 4181d0 _Immortalize 77 API calls 30986 4f2e27 30983->30986 30984 4f2f80 30987 4181d0 _Immortalize 77 API calls 30984->30987 31140 404e10 69 API calls codecvt 30985->31140 30991 4176e0 codecvt 69 API calls 30986->30991 30992 4f2fa5 30987->30992 30990 4f30a6 30993 4176e0 codecvt 69 API calls 30990->30993 30994 4f2e36 30991->30994 30995 4176e0 codecvt 69 API calls 30992->30995 30993->30965 30996 4176e0 codecvt 69 API calls 30994->30996 30995->30957 30996->30957 30997->30700 30998->30714 30999->30720 31000->30726 31001->30732 31002->30715 31003->30738 31004->30749 31005->30687 31006->30753 31007->30755 31008->30759 31009->30702 31010->30721 31011->30704 31012->30685 31013->30731 31014->30717 31015->30696 31016->30686 31018 4246b0 31017->31018 31029 424630 31018->31029 31020 4246cd 31026 4246d4 31020->31026 31035 424570 31020->31035 31025 4245c0 22 API calls 31025->31026 31028 49bcd0 77 API calls std::ios_base::clear 31026->31028 31027->30884 31028->30886 31030 424640 31029->31030 31031 42464a 31030->31031 31032 42465a IsValidCodePage 31030->31032 31031->31020 31032->31031 31033 424669 31032->31033 31044 4244c0 7 API calls 31033->31044 31036 424580 DeleteObject 31035->31036 31037 424597 31035->31037 31036->31037 31038 4245a0 DeleteObject 31037->31038 31039 4245b7 31037->31039 31038->31039 31040 4245c0 31039->31040 31041 4245d4 31040->31041 31045 424280 GetDC 31041->31045 31044->31031 31046 4242f4 31045->31046 31047 424398 GetDeviceCaps MulDiv 31046->31047 31048 4243be MulDiv 31046->31048 31050 4243d7 31046->31050 31047->31050 31048->31050 31049 424436 31051 424463 _wcscpy 31049->31051 31052 42443c GetDeviceCaps MulDiv 31049->31052 31050->31049 31057 424140 31050->31057 31054 424479 ReleaseDC 31051->31054 31052->31051 31055 44f6c8 _wcsupr_s_l_stat 5 API calls 31054->31055 31056 424492 31055->31056 31056->31025 31058 424156 31057->31058 31059 42415e GetDC 31057->31059 31060 424169 CreateFontW SelectObject GetTextFaceW 31058->31060 31059->31060 31061 4241c6 31060->31061 31062 4241cf GetTextCharset 31060->31062 31063 4241f6 SelectObject 31061->31063 31064 4241e8 GetTextMetricsW 31061->31064 31062->31061 31065 424216 31063->31065 31066 42420a ReleaseDC 31063->31066 31064->31063 31067 42423b DeleteObject 31065->31067 31068 424229 StrStrIW 31065->31068 31070 42424e _wcscpy 31065->31070 31066->31065 31067->31070 31068->31067 31068->31070 31069 44f6c8 _wcsupr_s_l_stat 5 API calls 31071 424271 31069->31071 31070->31069 31071->31050 31072->30892 31073->30902 31074->30903 31075->30906 31077 416308 31076->31077 31079 41631a 31077->31079 31141 4bf560 31077->31141 31079->30922 31080->30925 31081->30939 31082->30967 31084 4f24e3 _Immortalize 31083->31084 31085 4175c0 _Immortalize 69 API calls 31084->31085 31086 4f24ec _Immortalize 31085->31086 31087 4175c0 _Immortalize 69 API calls 31086->31087 31088 4f2504 31087->31088 31167 4d6ea0 31088->31167 31091 409760 77 API calls 31092 4f2551 31091->31092 31093 405120 77 API calls 31092->31093 31094 4f2579 31093->31094 31095 4178c0 codecvt 69 API calls 31094->31095 31096 4f2585 _Immortalize 31095->31096 31097 4f2604 31096->31097 31099 409760 77 API calls 31096->31099 31098 416600 111 API calls 31097->31098 31100 4f2624 31098->31100 31101 4f25cd 31099->31101 31104 405120 77 API calls 31100->31104 31102 405120 77 API calls 31101->31102 31103 4f25f5 31102->31103 31105 4178c0 codecvt 69 API calls 31103->31105 31106 4f2655 31104->31106 31105->31097 31107 4fdb00 111 API calls 31106->31107 31108 4f2661 31107->31108 31109 4181d0 _Immortalize 77 API calls 31108->31109 31110 4f2689 31109->31110 31111 4176e0 codecvt 69 API calls 31110->31111 31112 4f2698 _Immortalize 31111->31112 31113 4f2715 31112->31113 31116 409760 77 API calls 31112->31116 31114 417660 allocator 77 API calls 31113->31114 31115 4f2721 31114->31115 31117 4176e0 codecvt 69 API calls 31115->31117 31118 4f26de 31116->31118 31119 4f273c 31117->31119 31120 405120 77 API calls 31118->31120 31121 4176e0 codecvt 69 API calls 31119->31121 31123 4f2706 31120->31123 31122 4f2748 31121->31122 31124 44f6c8 _wcsupr_s_l_stat 5 API calls 31122->31124 31125 4178c0 codecvt 69 API calls 31123->31125 31126 4f2760 31124->31126 31125->31113 31126->30983 31127->30910 31128->30916 31129->30907 31130->30951 31131->30958 31132->30929 31133->30934 31134->30975 31135->30984 31136->30956 31137->30973 31138->30976 31139->30973 31140->30990 31144 4c0dc0 31141->31144 31145 4c0dec 31144->31145 31146 4bf568 31144->31146 31150 4c0300 31145->31150 31146->31079 31149 44fae5 _Immortalize 76 API calls 31149->31146 31151 4c0330 _Immortalize 31150->31151 31162 49f690 31151->31162 31153 4c0346 _Immortalize 31154 4175c0 _Immortalize 69 API calls 31153->31154 31155 4c0382 _Immortalize 31154->31155 31156 4175c0 _Immortalize 69 API calls 31155->31156 31158 4c039d InitializeCriticalSectionAndSpinCount 31156->31158 31159 4c0405 31158->31159 31160 4c03fb 31158->31160 31159->31149 31166 4c2160 113 API calls 6 library calls 31160->31166 31163 49f6c9 _Immortalize 31162->31163 31164 4175c0 _Immortalize 69 API calls 31163->31164 31165 49f6d5 31164->31165 31165->31153 31166->31159 31168 4d6ed6 _Immortalize 31167->31168 31169 4175c0 _Immortalize 69 API calls 31168->31169 31170 4d6edf 31169->31170 31171 495d00 80 API calls 31170->31171 31172 4d6ef5 31171->31172 31173 4130d0 _Immortalize 77 API calls 31172->31173 31174 4d6f05 31173->31174 31175 49e7e0 _Immortalize 71 API calls 31174->31175 31177 4d6f1d _memset _Immortalize 31175->31177 31176 4d6fe2 _Immortalize 31178 417910 _Immortalize 77 API calls 31176->31178 31177->31176 31179 4d6f56 GetPrivateProfileStringW 31177->31179 31180 4d6ffd 31178->31180 31179->31176 31181 4d6f7a _Immortalize 31179->31181 31182 4181d0 _Immortalize 77 API calls 31180->31182 31185 417910 _Immortalize 77 API calls 31181->31185 31183 4d7010 31182->31183 31184 4176e0 codecvt 69 API calls 31183->31184 31186 4d701f _Immortalize 31184->31186 31187 4d6f98 31185->31187 31189 4176e0 codecvt 69 API calls 31186->31189 31188 4181d0 _Immortalize 77 API calls 31187->31188 31190 4d6fab 31188->31190 31192 4d6fda 31189->31192 31191 4176e0 codecvt 69 API calls 31190->31191 31193 4d6fba _Immortalize 31191->31193 31194 44f6c8 _wcsupr_s_l_stat 5 API calls 31192->31194 31196 4176e0 codecvt 69 API calls 31193->31196 31195 4d705a 31194->31195 31195->31091 31196->31192 28547 422580 RegCreateKeyExW 28549 4225c1 28547->28549 28548 4225d7 28549->28548 28550 41ef10 RegCloseKey 28549->28550 28550->28548 28551 4cd380 28552 4cd38f LoadIconW 28551->28552 28553 4cd3a3 28551->28553 28554 4cd3aa 28552->28554 28556 4d5a80 28553->28556 28557 4d5ab8 28556->28557 28558 4098d0 _Immortalize 77 API calls 28557->28558 28559 4d5ade 28558->28559 28560 409810 _Immortalize 77 API calls 28559->28560 28561 4d5afd 28560->28561 28562 4178c0 codecvt 69 API calls 28561->28562 28563 4d5b09 28562->28563 28564 49e7e0 _Immortalize 71 API calls 28563->28564 28567 4d5b14 _Immortalize 28564->28567 28565 4d5b43 28566 4d5b5f IsWindow 28565->28566 28570 4d5b55 LoadIconW 28565->28570 28568 4d5b6d SendMessageW SendMessageW 28566->28568 28569 4d5b97 28566->28569 28567->28565 28573 4d5b39 LoadImageW 28567->28573 28568->28569 28571 4176e0 codecvt 69 API calls 28569->28571 28570->28566 28572 4d5bac 28571->28572 28574 44f6c8 _wcsupr_s_l_stat 5 API calls 28572->28574 28573->28565 28575 4d5bc4 28574->28575 28575->28554 31260 423bb0 31263 423b50 31260->31263 31262 423bbf codecvt 31264 4176e0 codecvt 69 API calls 31263->31264 31265 423b9b 31264->31265 31265->31262

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 004F4BC0, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 130COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E004F4BC0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				WCHAR* _v8;
				char _v16;
				signed int _v20;
				char _v36;
				int _v40;
				char _v44;
				long _v48;
				intOrPtr _v6128;
				char _v6528;
				char _v7046;
				char _v7048;
				intOrPtr _v7052;
				WCHAR* _v7056;
				intOrPtr _v7060;
				char _v7092;
				char _v7093;
				intOrPtr _v7100;
				signed int _t54;
				signed int _t55;
				int _t59;
				char* _t62;
				void* _t65;
				void* _t71;
				void* _t77;
				void* _t111;
				signed int _t112;

				_t111 = __esi;
				_t110 = __edi;
				_t77 = __ebx;
				_push(0xffffffff);
				_push(0x507eec);
				_push( *[fs:0x0]);
				E0045D8E0(0x1bac);
				_t54 =  *0x561244; // 0x554c9ad9
				_t55 = _t54 ^ _t112;
				_v20 = _t55;
				_push(_t55);
				 *[fs:0x0] =  &_v16;
				_v7100 = __ecx;
				E00451D90(__edi,  &_v36, 0, 0x10);
				_v48 = 0;
				_t59 = GetVolumeInformationW(L"C:\\", 0, 0,  &_v48, 0, 0, 0, 0); // executed
				_v40 = _t59;
				_v36 = _v48;
				_v44 = 0x1950;
				E00451D90(_t110,  &_v6528, 0, _v44);
				_push( &_v44);
				_t62 =  &_v6528;
				_push(_t62); // executed
				L0044F17E(); // executed
				if(_t62 == 0) {
					_v7052 = _v6128;
					_v7056 = 0;
					while(_v7056 < _v7052) {
						 *((char*)(_t112 + _v7056 - 0x16)) =  *((intOrPtr*)(_t112 + _v7056 - 0x17e8));
						_v7056 =  &(_v7056[0]);
					}
				}
				_v7048 = 0;
				E00451D90(_t110,  &_v7046, 0, 0x206);
				__imp__StringFromGUID2( &_v36,  &_v7048, 0x104);
				_t65 = E00434050( &_v7093);
				_t106 =  &_v7048;
				E00417910( &_v7048, _t65);
				_v8 = 0;
				E004181D0(_v7100 + 4,  &_v7092);
				_v8 = 0xffffffff;
				E004176E0();
				_v7060 = E004259F0(_v7100 + 8, __eflags, L"{-}", 0);
				while(1) {
					__eflags = _v7060 - 0xffffffff;
					if(_v7060 == 0xffffffff) {
						break;
					}
					_t106 = _v7060;
					E00417A20(_t77, _v7100 + 8, _t110, _t111, _v7060, 1);
					__eflags = _v7100 + 8;
					_v7060 = E004259F0(_v7100 + 8, _v7100 + 8, L"{-}", _v7060);
				}
				_t71 = E0041A3D0(_v7100 + 4);
				 *[fs:0x0] = _v16;
				__eflags = _v20 ^ _t112;
				return E0044F6C8(_t71, _t77, _v20 ^ _t112, _t106, _t110, _t111);
			}





























                                                                                                                                                                                0x004f4bc0
                                                                                                                                                                                0x004f4bc0
                                                                                                                                                                                0x004f4bc0
                                                                                                                                                                                0x004f4bc3
                                                                                                                                                                                0x004f4bc5
                                                                                                                                                                                0x004f4bd0
                                                                                                                                                                                0x004f4bd6
                                                                                                                                                                                0x004f4bdb
                                                                                                                                                                                0x004f4be0
                                                                                                                                                                                0x004f4be2
                                                                                                                                                                                0x004f4be5
                                                                                                                                                                                0x004f4be9
                                                                                                                                                                                0x004f4bef
                                                                                                                                                                                0x004f4bfd
                                                                                                                                                                                0x004f4c05
                                                                                                                                                                                0x004f4c21
                                                                                                                                                                                0x004f4c27
                                                                                                                                                                                0x004f4c2d
                                                                                                                                                                                0x004f4c30
                                                                                                                                                                                0x004f4c44
                                                                                                                                                                                0x004f4c4f
                                                                                                                                                                                0x004f4c50
                                                                                                                                                                                0x004f4c56
                                                                                                                                                                                0x004f4c57
                                                                                                                                                                                0x004f4c5e
                                                                                                                                                                                0x004f4c66
                                                                                                                                                                                0x004f4c6c
                                                                                                                                                                                0x004f4c87
                                                                                                                                                                                0x004f4ca8
                                                                                                                                                                                0x004f4c81
                                                                                                                                                                                0x004f4c81
                                                                                                                                                                                0x004f4c87
                                                                                                                                                                                0x004f4cb0
                                                                                                                                                                                0x004f4cc5
                                                                                                                                                                                0x004f4cdd
                                                                                                                                                                                0x004f4ce9
                                                                                                                                                                                0x004f4cef
                                                                                                                                                                                0x004f4cfc
                                                                                                                                                                                0x004f4d01
                                                                                                                                                                                0x004f4d18
                                                                                                                                                                                0x004f4d1d
                                                                                                                                                                                0x004f4d2a
                                                                                                                                                                                0x004f4d44
                                                                                                                                                                                0x004f4d6c
                                                                                                                                                                                0x004f4d6c
                                                                                                                                                                                0x004f4d73
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f4d77
                                                                                                                                                                                0x004f4d87
                                                                                                                                                                                0x004f4d5e
                                                                                                                                                                                0x004f4d66
                                                                                                                                                                                0x004f4d66
                                                                                                                                                                                0x004f4d97
                                                                                                                                                                                0x004f4d9f
                                                                                                                                                                                0x004f4daa
                                                                                                                                                                                0x004f4db4

                                                                                                                                                                                APIs
                                                                                                                                                                                • _memset.LIBCMT ref: 004F4BFD
                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004F4C21
                                                                                                                                                                                • _memset.LIBCMT ref: 004F4C44
                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?), ref: 004F4C57
                                                                                                                                                                                • _memset.LIBCMT ref: 004F4CC5
                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000104,?,?,?,?,?,?,&moldid=,00000000,?,?,?,?,?), ref: 004F4CDD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memset$AdaptersFromInfoInformationStringVolume
                                                                                                                                                                                • String ID: C:\${-}${-}
                                                                                                                                                                                • API String ID: 3941708474-2681429196
                                                                                                                                                                                • Opcode ID: 9a58726a16852a0d2f912c2757c121c5fddf32bc60362700037a8acd9d090b8f
                                                                                                                                                                                • Instruction ID: 2c91b6d981af4eadff72b74c93defabb846fcc535acab3a6063feb5631383c31
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a58726a16852a0d2f912c2757c121c5fddf32bc60362700037a8acd9d090b8f
                                                                                                                                                                                • Instruction Fuzzy Hash: 1A5170749042189BDB24DF94CC51BEEB778AF48714F1042DEE609A72C1EB746A84CF68
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0049D9C0, Relevance: 7.6, APIs: 5, Instructions: 59processCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                			E0049D9C0(int __edx, long _a4) {
				int _v8;
				void* _v12;
				signed int _v16;
				int _v556;
				intOrPtr _v572;
				void* _v580;
				signed int _v581;
				int _v588;
				signed int _t28;
				void* _t30;
				struct tagPROCESSENTRY32W* _t33;
				int _t38;
				void* _t40;
				void* _t48;
				void* _t49;
				signed int _t50;

				_t46 = __edx;
				_t28 =  *0x561244; // 0x554c9ad9
				_v16 = _t28 ^ _t50;
				_v8 = 0;
				_t30 = CreateToolhelp32Snapshot(2, 0); // executed
				_v12 = _t30;
				if(_v12 != 0xffffffff) {
					_v580 = 0x22c;
					if(_a4 == 0) {
						_a4 = GetCurrentProcessId();
					}
					_t33 =  &_v580;
					Process32FirstW(_v12, _t33); // executed
					_v581 = _t46;
					while((_v581 & 0x000000ff) != 0) {
						if(_v572 == _a4) {
							_v8 = _v556;
						}
						if(_v8 != 0) {
							L10:
							_v588 = 0;
						} else {
							_t38 = Process32NextW(_v12,  &_v580); // executed
							if(_t38 == 0) {
								goto L10;
							} else {
								_v588 = 1;
							}
						}
						_t46 = _v588;
						_v581 = _v588;
					}
					FindCloseChangeNotification(_v12); // executed
				}
				return E0044F6C8(_v8, _t40, _v16 ^ _t50, _t46, _t48, _t49);
			}



















                                                                                                                                                                                0x0049d9c0
                                                                                                                                                                                0x0049d9c9
                                                                                                                                                                                0x0049d9d0
                                                                                                                                                                                0x0049d9d3
                                                                                                                                                                                0x0049d9de
                                                                                                                                                                                0x0049d9e3
                                                                                                                                                                                0x0049d9ea
                                                                                                                                                                                0x0049d9f0
                                                                                                                                                                                0x0049d9fe
                                                                                                                                                                                0x0049da06
                                                                                                                                                                                0x0049da06
                                                                                                                                                                                0x0049da09
                                                                                                                                                                                0x0049da14
                                                                                                                                                                                0x0049da1e
                                                                                                                                                                                0x0049da24
                                                                                                                                                                                0x0049da38
                                                                                                                                                                                0x0049da40
                                                                                                                                                                                0x0049da40
                                                                                                                                                                                0x0049da47
                                                                                                                                                                                0x0049da69
                                                                                                                                                                                0x0049da69
                                                                                                                                                                                0x0049da49
                                                                                                                                                                                0x0049da54
                                                                                                                                                                                0x0049da5b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049da5d
                                                                                                                                                                                0x0049da5d
                                                                                                                                                                                0x0049da5d
                                                                                                                                                                                0x0049da5b
                                                                                                                                                                                0x0049da73
                                                                                                                                                                                0x0049da79
                                                                                                                                                                                0x0049da79
                                                                                                                                                                                0x0049da85
                                                                                                                                                                                0x0049da85
                                                                                                                                                                                0x0049da9b

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0049D9DE
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000002,00000000), ref: 0049DA00
                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0049DA14
                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0049DA54
                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000002,00000000), ref: 0049DA85
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process32$ChangeCloseCreateCurrentFindFirstNextNotificationProcessSnapshotToolhelp32
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1594840063-0
                                                                                                                                                                                • Opcode ID: d861248f22b9e8738e682d16beab98e63d0608105bc6e0e536ca83f65de22f70
                                                                                                                                                                                • Instruction ID: 2ab5695731c723cb54ced3e96b23633eb8c252716f13112e9c65ba2f165a2eb0
                                                                                                                                                                                • Opcode Fuzzy Hash: d861248f22b9e8738e682d16beab98e63d0608105bc6e0e536ca83f65de22f70
                                                                                                                                                                                • Instruction Fuzzy Hash: C3211D70D04218EBDF20DFA5C8887EDBBB4AF14304F1441EAE409A7290DB789AD8CF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0049F0E0, Relevance: 3.2, APIs: 2, Instructions: 164fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                			E0049F0E0(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v52;
				signed int _v53;
				intOrPtr _v60;
				char _v92;
				void* _v96;
				struct _WIN32_FIND_DATAW _v688;
				char _v689;
				char _v690;
				char _v724;
				char _v725;
				char _v756;
				void* _v788;
				char _v789;
				char _v820;
				char _v821;
				intOrPtr _v828;
				intOrPtr _v832;
				intOrPtr _v836;
				intOrPtr _v840;
				intOrPtr _v844;
				char _v848;
				char _v852;
				signed int _v856;
				signed int _v860;
				signed int _t84;
				signed int _t85;
				void* _t97;
				signed int _t100;
				signed int _t110;
				intOrPtr _t125;
				signed int _t171;
				intOrPtr _t173;
				intOrPtr _t174;
				signed int _t175;
				void* _t176;
				void* _t177;

				_t174 = __esi;
				_t173 = __edi;
				_t125 = __ebx;
				_push(0xffffffff);
				_push(0x50b34f);
				_push( *[fs:0x0]);
				_t177 = _t176 - 0x34c;
				_t84 =  *0x561244; // 0x554c9ad9
				_t85 = _t84 ^ _t175;
				_v20 = _t85;
				_push(_t85);
				 *[fs:0x0] =  &_v16;
				E004175C0(E00434050( &_v689));
				_v8 = 0;
				E004175C0(E00434050( &_v690));
				_v8 = 1;
				_v60 = E0041C5A0(_a4 + 4, 0x5c, 0xffffffff);
				if(_v60 >= 0) {
					__eflags = _a4 + 4;
					_v828 = E00405260(_a4 + 4,  &_v756, 0, _v60 + 1);
					_v832 = _v828;
					_v8 = 3;
					E00409880( &_v52, __eflags, _v832);
					_v8 = 1;
					E004178C0( &_v756);
				} else {
					E00417910(0x52d34c, E00434050( &_v725));
					_v8 = 2;
					E004181D0( &_v52,  &_v724);
					_v8 = 1;
					E004176E0();
				}
				_t97 = FindFirstFileW(E00416A30(_a4 + 4),  &_v688); // executed
				_v96 = _t97;
				_v53 = 1;
				while((_v53 & 0x000000ff) == 1 && _v96 != 0xffffffff) {
					_v836 = E00417910( &(_v688.cFileName), E00434050( &_v789));
					_v840 = _v836;
					_v8 = 4;
					_v844 = _v840;
					if(_v844 == 0) {
						_v848 = 0;
					} else {
						_v848 = _v844 + 4;
					}
					_t182 =  &_v52;
					if( &_v52 == 0) {
						_v852 = 0;
					} else {
						_v852 =  &_v52 + 4;
					}
					_t110 = E00409960( &_v820, _v852, _v848);
					_t177 = _t177 + 0xc;
					_v856 = _t110;
					_v860 = _v856;
					_v8 = 5;
					_t171 = _v860;
					E00409880( &_v92, _t182, _t171);
					_v8 = 4;
					E004178C0( &_v820);
					_v8 = 1;
					E004176E0();
					E00425AB0(_a8, _t182,  &_v92);
					_v53 = _t171 & 0xffffff00 | FindNextFileW(_v96,  &_v688) != 0x00000000;
				}
				FindClose(_v96); // executed
				_t100 = E00447780(_a8);
				__eflags = 0 - _t100;
				asm("sbb eax, eax");
				_v821 =  ~_t100;
				_v8 = 0;
				E004176E0();
				_v8 = 0xffffffff;
				E004176E0();
				 *[fs:0x0] = _v16;
				__eflags = _v20 ^ _t175;
				return E0044F6C8(_v821, _t125, _v20 ^ _t175, 0, _t173, _t174);
			}










































                                                                                                                                                                                0x0049f0e0
                                                                                                                                                                                0x0049f0e0
                                                                                                                                                                                0x0049f0e0
                                                                                                                                                                                0x0049f0e3
                                                                                                                                                                                0x0049f0e5
                                                                                                                                                                                0x0049f0f0
                                                                                                                                                                                0x0049f0f1
                                                                                                                                                                                0x0049f0f7
                                                                                                                                                                                0x0049f0fc
                                                                                                                                                                                0x0049f0fe
                                                                                                                                                                                0x0049f101
                                                                                                                                                                                0x0049f105
                                                                                                                                                                                0x0049f11a
                                                                                                                                                                                0x0049f11f
                                                                                                                                                                                0x0049f135
                                                                                                                                                                                0x0049f13a
                                                                                                                                                                                0x0049f14d
                                                                                                                                                                                0x0049f154
                                                                                                                                                                                0x0049f1a9
                                                                                                                                                                                0x0049f1b1
                                                                                                                                                                                0x0049f1bd
                                                                                                                                                                                0x0049f1c3
                                                                                                                                                                                0x0049f1d1
                                                                                                                                                                                0x0049f1d6
                                                                                                                                                                                0x0049f1e0
                                                                                                                                                                                0x0049f156
                                                                                                                                                                                0x0049f16d
                                                                                                                                                                                0x0049f172
                                                                                                                                                                                0x0049f180
                                                                                                                                                                                0x0049f185
                                                                                                                                                                                0x0049f18f
                                                                                                                                                                                0x0049f18f
                                                                                                                                                                                0x0049f1f8
                                                                                                                                                                                0x0049f1fe
                                                                                                                                                                                0x0049f201
                                                                                                                                                                                0x0049f220
                                                                                                                                                                                0x0049f255
                                                                                                                                                                                0x0049f261
                                                                                                                                                                                0x0049f267
                                                                                                                                                                                0x0049f271
                                                                                                                                                                                0x0049f27e
                                                                                                                                                                                0x0049f291
                                                                                                                                                                                0x0049f280
                                                                                                                                                                                0x0049f289
                                                                                                                                                                                0x0049f289
                                                                                                                                                                                0x0049f29e
                                                                                                                                                                                0x0049f2a0
                                                                                                                                                                                0x0049f2b0
                                                                                                                                                                                0x0049f2a2
                                                                                                                                                                                0x0049f2a8
                                                                                                                                                                                0x0049f2a8
                                                                                                                                                                                0x0049f2cf
                                                                                                                                                                                0x0049f2d4
                                                                                                                                                                                0x0049f2d7
                                                                                                                                                                                0x0049f2e3
                                                                                                                                                                                0x0049f2e9
                                                                                                                                                                                0x0049f2ed
                                                                                                                                                                                0x0049f2f7
                                                                                                                                                                                0x0049f2fc
                                                                                                                                                                                0x0049f306
                                                                                                                                                                                0x0049f30b
                                                                                                                                                                                0x0049f315
                                                                                                                                                                                0x0049f321
                                                                                                                                                                                0x0049f21d
                                                                                                                                                                                0x0049f21d
                                                                                                                                                                                0x0049f32f
                                                                                                                                                                                0x0049f338
                                                                                                                                                                                0x0049f33f
                                                                                                                                                                                0x0049f341
                                                                                                                                                                                0x0049f345
                                                                                                                                                                                0x0049f34b
                                                                                                                                                                                0x0049f352
                                                                                                                                                                                0x0049f357
                                                                                                                                                                                0x0049f361
                                                                                                                                                                                0x0049f36f
                                                                                                                                                                                0x0049f37a
                                                                                                                                                                                0x0049f384

                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000,-00000001,0000005C,000000FF,00000000,00000000,554C9AD9), ref: 0049F1F8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                • Opcode ID: 5de818899b0a3010906c9b5132d837bba87671e860210852b4365147f3a0f73f
                                                                                                                                                                                • Instruction ID: cc1ef078bf7205146ab4a592bcf7a98bcf4aa0962d6995632bada8dfdccf46d9
                                                                                                                                                                                • Opcode Fuzzy Hash: 5de818899b0a3010906c9b5132d837bba87671e860210852b4365147f3a0f73f
                                                                                                                                                                                • Instruction Fuzzy Hash: 03716D70914258DFDB19DBA5CC94BEDBBB8AF14304F1441EEE00AA7291DB382B88CF55
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004DFFD0, Relevance: 51.6, APIs: 5, Strings: 24, Instructions: 823COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 0 4dffd0-4e0043 call 434050 call 4175c0 call 434050 call 4175c0 call 4d6610 11 4e0045-4e0051 0->11 12 4e0053 0->12 13 4e005d-4e00f6 call 409760 call 409880 call 4178c0 call 4fdb00 call 4181d0 call 4176e0 call 416630 11->13 12->13 28 4e00f8-4e00fd 13->28 29 4e0166-4e01a2 call 4228a0 call 483530 13->29 31 4e00ff-4e010b 28->31 32 4e010d 28->32 40 4e01a4-4e01b3 29->40 41 4e01b5 29->41 34 4e0117-4e0161 call 409760 call 405120 call 4178c0 31->34 32->34 34->29 43 4e01bf-4e0262 call 409760 call 405120 call 4178c0 call 4176e0 call 434050 call 417910 40->43 41->43 57 4e0264-4e0273 43->57 58 4e0275 43->58 59 4e027f-4e0300 call 4f4dc0 call 4098d0 call 405120 call 4178c0 call 4176e0 call 49d9c0 * 2 call 496160 57->59 58->59 76 4e0306-4e034b call 434050 call 417910 59->76 77 4e03d1-4e04d0 call 434050 call 417910 call 501ce0 call 501530 call 490220 call 490d50 call 404760 call 4dcb20 call 4d4bc0 call 416a30 call 48cc50 call 484ea0 call 47f670 call 416600 call 4176e0 call 4224b0 call 4176e0 59->77 87 4e035e 76->87 88 4e034d-4e035c 76->88 128 4e04d2-4e04de 77->128 129 4e04e0 77->129 89 4e0368-4e03cc call 416a30 PathFindFileNameW call 4098d0 call 405120 call 4178c0 call 4176e0 87->89 88->89 89->77 130 4e04ea-4e0531 call 405120 call 482b50 128->130 129->130 135 4e0544 130->135 136 4e0533-4e0542 130->136 137 4e054e-4e0586 call 483160 135->137 136->137 140 4e0588-4e0597 137->140 141 4e0599 137->141 142 4e05a3-4e06c2 call 409760 call 4098d0 call 409960 call 405120 call 4178c0 * 3 call 4176e0 * 2 call 4160e0 call 416630 140->142 141->142 166 4e06c4-4e06c9 142->166 167 4e0732-4e0786 call 494af0 call 404820 call 423be0 call 404820 call 4d4c10 call 416600 142->167 168 4e06cb-4e06d7 166->168 169 4e06d9 166->169 188 4e0788-4e0794 167->188 189 4e0796 167->189 172 4e06e3-4e072d call 409760 call 405120 call 4178c0 168->172 169->172 172->167 190 4e07a0-4e07ff call 405120 call 4956b0 call 4181d0 call 4176e0 call 416630 188->190 189->190 201 4e0888-4e08c0 call 4d7b30 190->201 202 4e0805-4e081f call 416a30 call 4a0280 190->202 207 4e08c2-4e08d1 201->207 208 4e08d3 201->208 213 4e082f 202->213 214 4e0821-4e082d 202->214 210 4e08dd-4e0909 call 405120 call 4176e0 call 4d2f80 207->210 208->210 225 4e090b-4e0910 210->225 226 4e0979-4e0982 210->226 216 4e0839-4e0883 call 409760 call 405120 call 4178c0 213->216 214->216 216->201 228 4e0912-4e091e 225->228 229 4e0920 225->229 230 4e0984-4e098c call 4130d0 226->230 231 4e0991-4e09a6 call 4cb910 226->231 232 4e092a-4e0974 call 409760 call 405120 call 4178c0 228->232 229->232 230->231 237 4e09a8-4e09b0 call 4130d0 231->237 238 4e09b5-4e09bf call 494a70 231->238 232->226 237->238 245 4e09ce-4e09e3 call 4cb910 238->245 246 4e09c1-4e09c9 call 4130d0 238->246 251 4e09e5-4e09ed call 4130d0 245->251 252 4e09f2-4e0a05 call 502490 245->252 246->245 251->252 256 4e0a07-4e0a13 252->256 257 4e0a15 252->257 258 4e0a1f-4e0aa6 call 409760 call 405120 call 4178c0 call 4df870 256->258 257->258 267 4e0aa8-4e0ab7 258->267 268 4e0ab9 258->268 269 4e0ac3-4e0aeb call 405120 call 4176e0 call 4953b0 267->269 268->269 276 4e0aed-4e0af7 269->276 277 4e0af9 269->277 278 4e0b03-4e0b19 call 4130d0 276->278 277->278 281 4e0b2b 278->281 282 4e0b1b-4e0b29 278->282 283 4e0b35-4e0b8e call 409760 call 405120 call 4178c0 call 503f30 281->283 282->283 292 4e0c02-4e0c0c call 423810 283->292 293 4e0b90-4e0b97 283->293 300 4e0c0e-4e0c23 call 4240a0 call 4130a0 * 2 292->300 301 4e0c28-4e0c3e call 4e7a30 call 4e7a50 292->301 294 4e0ba9 293->294 295 4e0b99-4e0ba7 293->295 297 4e0bb3-4e0bfd call 409760 call 405120 call 4178c0 294->297 295->297 297->292 300->301 312 4e0c43-4e0c6c 301->312 315 4e0c6e-4e0c7d 312->315 316 4e0c7f 312->316 317 4e0c89-4e0d41 call 409760 call 405120 call 4178c0 call 4176e0 call 417660 call 4e7a10 call 4176e0 * 2 call 44f6c8 315->317 316->317
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E004DFFD0(void* __ebx, void* __edi, void* __esi, char _a4) {
				char _v8;
				char _v16;
				char _v20;
				signed int _v24;
				char _v52;
				char _v56;
				char _v84;
				char _v88;
				char _v89;
				char _v90;
				char _v120;
				char _v152;
				char _v180;
				char _v212;
				char _v240;
				void* _v272;
				char _v273;
				char _v304;
				void* _v336;
				char _v337;
				char _v368;
				char _v400;
				char _v401;
				char _v448;
				char _v480;
				char _v512;
				char _v544;
				char _v572;
				char _v600;
				char _v628;
				char _v656;
				char _v688;
				char _v716;
				char _v748;
				char _v776;
				char _v804;
				char _v836;
				char _v864;
				char _v892;
				char _v924;
				char _v952;
				signed int _v956;
				char _v960;
				intOrPtr _v964;
				intOrPtr _v968;
				intOrPtr _v972;
				intOrPtr _v976;
				char _v980;
				intOrPtr _v984;
				intOrPtr _v988;
				intOrPtr _v992;
				intOrPtr _v996;
				intOrPtr _v1000;
				char _v1004;
				intOrPtr _v1008;
				intOrPtr _v1012;
				intOrPtr _v1016;
				intOrPtr _v1020;
				intOrPtr _v1024;
				char _v1028;
				intOrPtr _v1032;
				intOrPtr _v1036;
				intOrPtr _v1040;
				intOrPtr _v1044;
				intOrPtr _v1048;
				char _v1052;
				intOrPtr _v1056;
				intOrPtr _v1060;
				intOrPtr _v1064;
				intOrPtr _v1068;
				intOrPtr _v1072;
				intOrPtr _v1076;
				char _v1080;
				intOrPtr _v1084;
				intOrPtr _v1088;
				intOrPtr _v1092;
				char _v1096;
				intOrPtr _v1100;
				intOrPtr _v1104;
				intOrPtr _v1108;
				char _v1112;
				intOrPtr _v1116;
				intOrPtr _v1120;
				intOrPtr _v1124;
				intOrPtr _v1128;
				intOrPtr _v1132;
				intOrPtr _v1136;
				char _v1140;
				intOrPtr _v1144;
				intOrPtr _v1148;
				char _v1152;
				intOrPtr _v1156;
				intOrPtr _v1160;
				char _v1164;
				intOrPtr _v1168;
				intOrPtr _v1172;
				intOrPtr _v1176;
				intOrPtr _v1180;
				intOrPtr _v1184;
				char _v1188;
				char _v1192;
				intOrPtr _v1196;
				intOrPtr _v1200;
				char _v1204;
				intOrPtr _v1208;
				intOrPtr _v1212;
				intOrPtr _v1216;
				intOrPtr _v1220;
				intOrPtr _v1224;
				char _v1228;
				char* _v1232;
				char _v1236;
				intOrPtr _v1240;
				intOrPtr _v1244;
				char _v1248;
				intOrPtr _v1252;
				intOrPtr _v1256;
				intOrPtr _v1260;
				intOrPtr _v1264;
				intOrPtr _v1268;
				char _v1272;
				intOrPtr _v1276;
				intOrPtr _v1280;
				signed int _t387;
				signed int _t388;
				intOrPtr _t401;
				void* _t406;
				intOrPtr _t407;
				intOrPtr _t410;
				void* _t417;
				void* _t423;
				void* _t424;
				void* _t425;
				intOrPtr _t432;
				void* _t438;
				intOrPtr _t447;
				intOrPtr _t449;
				intOrPtr _t456;
				intOrPtr* _t464;
				intOrPtr _t475;
				intOrPtr _t478;
				signed char _t482;
				intOrPtr _t483;
				void* _t488;
				intOrPtr _t500;
				signed char _t503;
				intOrPtr _t507;
				signed char _t512;
				intOrPtr _t515;
				void* _t531;
				intOrPtr _t534;
				intOrPtr _t547;
				intOrPtr _t555;
				intOrPtr _t561;
				intOrPtr _t573;
				intOrPtr _t580;
				void* _t586;
				intOrPtr _t646;
				intOrPtr _t747;
				intOrPtr _t748;
				void* _t790;
				void* _t791;
				signed int _t792;
				void* _t793;
				void* _t795;
				void* _t797;
				void* _t798;
				void* _t802;
				void* _t805;
				void* _t806;
				void* _t807;
				void* _t810;
				void* _t811;
				void* _t812;
				void* _t813;
				void* _t814;
				void* _t815;
				void* _t817;
				void* _t818;
				void* _t820;

				_t791 = __esi;
				_t790 = __edi;
				_t586 = __ebx;
				_push(0xffffffff);
				_push(0x51279e);
				_push( *[fs:0x0]);
				_t387 =  *0x561244; // 0x554c9ad9
				_t388 = _t387 ^ _t792;
				_v24 = _t388;
				_push(_t388);
				 *[fs:0x0] =  &_v16;
				_v956 = 0;
				E004175C0(E00434050( &_v89));
				_v8 = 1;
				E004175C0(E00434050( &_v90));
				_v8 = 2;
				E004D6610( &_v56);
				_t795 = _t793 - 0x4f0 + 4;
				_t821 =  &_v56;
				if( &_v56 == 0) {
					_v960 = 0;
				} else {
					_v960 =  &_v56 + 4;
				}
				_v964 = E00409760( &_v120, L"ver=", _v960);
				_v968 = _v964;
				_v8 = 3;
				E00409880( &_v88, _t821, _v968);
				_v8 = 2;
				E004178C0( &_v120);
				_t401 = E004FDB00(_t586, _t790, _t791, _t821,  &_v152);
				_t797 = _t795 + 0x10;
				_v972 = _t401;
				_v976 = _v972;
				_v8 = 4;
				E004181D0( &_v56, _v976);
				_v8 = 2;
				E004176E0();
				if((E00416630( &_v52) & 0x000000ff) == 0) {
					_t823 =  &_v56;
					if( &_v56 == 0) {
						_v980 = 0;
					} else {
						_v980 =  &_v56 + 4;
					}
					_t580 = E00409760( &_v180, "&", _v980);
					_t797 = _t797 + 0xc;
					_v984 = _t580;
					_v988 = _v984;
					_v8 = 5;
					E00405120( &_v84, _v988);
					_v8 = 2;
					E004178C0( &_v180);
				}
				_t406 = E004228A0(); // executed
				_t407 = E00483530(_t586, _t406, _t790, _t791, _t823,  &_v212); // executed
				_v992 = _t407;
				_v996 = _v992;
				_v8 = 6;
				_v1000 = _v996;
				if(_v1000 == 0) {
					_v1004 = 0;
				} else {
					_v1004 = _v1000 + 4;
				}
				_t410 = E00409760( &_v240, L"&mntrId=", _v1004);
				_t798 = _t797 + 0xc;
				_v1008 = _t410;
				_v1012 = _v1008;
				_v8 = 7;
				E00405120( &_v84, _v1012);
				_v8 = 6;
				E004178C0( &_v240);
				_v8 = 2;
				E004176E0();
				_v1016 = E00417910(L"&moldid=", E00434050( &_v273));
				_v1020 = _v1016;
				_v8 = 8;
				_v1024 = _v1020;
				_t825 = _v1024;
				if(_v1024 == 0) {
					_v1028 = 0;
				} else {
					_v1028 = _v1024 + 4;
				}
				_t417 = E004F4DC0(_t586, _t790, _t791); // executed
				_v1032 = E004098D0( &_v304, _v1028, _t417);
				_v1036 = _v1032;
				_v8 = 9;
				E00405120( &_v84, _v1036);
				_v8 = 8;
				E004178C0( &_v304);
				_v8 = 2;
				E004176E0();
				_t423 = E0049D9C0( &_v56, 0); // executed
				_t424 = E0049D9C0( &_v56, _t423); // executed
				_t425 = E00496160(_t586, _t790, _t791, _t825, _t424,  &_v56); // executed
				_t802 = _t798 + 0x1c;
				if(_t425 != 0) {
					_v1040 = E00417910(L"&sufn=", E00434050( &_v337));
					_v1044 = _v1040;
					_v8 = 0xa;
					_v1048 = _v1044;
					_t827 = _v1048;
					if(_v1048 == 0) {
						_v1052 = 0;
					} else {
						_v1052 = _v1048 + 4;
					}
					_t573 = E004098D0( &_v368, _v1052, PathFindFileNameW(E00416A30( &_v52)));
					_t802 = _t802 + 0xc;
					_v1056 = _t573;
					_v1060 = _v1056;
					_v8 = 0xb;
					E00405120( &_v84, _v1060);
					_v8 = 0xa;
					E004178C0( &_v368);
					_v8 = 2;
					E004176E0();
				}
				E00417910(L"WBR", E00434050( &_v401));
				_v8 = 0xc;
				_v1064 = E00501530(E00501CE0(), _t827,  &_v448,  &_v400);
				_v1068 = _v1064;
				_v8 = 0xd;
				_t432 = E00490D50(_t586, E00490220(), _t790, _t791, _t827,  &_v480); // executed
				_v1072 = _t432;
				_v1076 = _v1072;
				_v8 = 0xe;
				_push(E00404760(_v1068, 7));
				_push(E004D4BC0(E004DCB20(_t586, _t790, _t791, _t827)));
				_push(E00416A30(_v1076 + 4));
				_push(E0048CC50(_t586, _t790, _t791)); // executed
				_t438 = E00484EA0(_t586, _t790, _t791); // executed
				_push(_t438);
				E00416600(_v1076 + 4,  &_v56, L"&iev=%d&ffv=%d&crv=%d&dwb=%s&dlb=%s&wbr=%d", E0047F670(_t586, _t790, _t791, 0));
				_t805 = _t802 + 0x28;
				_v8 = 0xd;
				E004176E0();
				_v8 = 0xc;
				E004224B0();
				_v8 = 2;
				E004176E0();
				_t828 =  &_v56;
				if( &_v56 == 0) {
					_v1080 = 0;
				} else {
					_v1080 =  &_v56 + 4;
				}
				E00405120( &_v84, _v1080);
				_t447 = E00482B50(_t586, _t790, _t791, _t828,  &_v512); // executed
				_t806 = _t805 + 4;
				_v1084 = _t447;
				_v1088 = _v1084;
				_v8 = 0xf;
				_v1092 = _v1088;
				_t829 = _v1092;
				if(_v1092 == 0) {
					_v1096 = 0;
				} else {
					_v1096 = _v1092 + 4;
				}
				_t449 = E00483160(_t586,  &_v544, _t790, _t791, _t829,  &_v544); // executed
				_t807 = _t806 + 4;
				_v1100 = _t449;
				_v1104 = _v1100;
				_v8 = 0x10;
				_v1108 = _v1104;
				if(_v1108 == 0) {
					_v1112 = 0;
				} else {
					_v1112 = _v1108 + 4;
				}
				_v1116 = E00409760( &_v572, L"&ibprs=", _v1112);
				_v1120 = _v1116;
				_v8 = 0x11;
				_v1124 = E004098D0( &_v600, _v1120, L"&ibprv=");
				_v1128 = _v1124;
				_v8 = 0x12;
				_t456 = E00409960( &_v628, _v1128, _v1096);
				_t810 = _t807 + 0x24;
				_v1132 = _t456;
				_v1136 = _v1132;
				_v8 = 0x13;
				E00405120( &_v84, _v1136);
				_v8 = 0x12;
				E004178C0( &_v628);
				_v8 = 0x11;
				E004178C0( &_v600);
				_v8 = 0x10;
				E004178C0( &_v572);
				_v8 = 0xf;
				E004176E0();
				_v8 = 2;
				E004176E0();
				_t464 =  *0x5bde00; // 0x336a7b8
				E004160E0( *((intOrPtr*)( *((intOrPtr*)( *_t464 + 0x2c))))( &_v56, 1), 0xe, 0xe);
				if((E00416630( &_v52) & 0x000000ff) == 0) {
					if( &_v56 == 0) {
						_v1140 = 0;
					} else {
						_v1140 =  &_v56 + 4;
					}
					_t561 = E00409760( &_v656, L"&test=", _v1140);
					_t810 = _t810 + 0xc;
					_v1144 = _t561;
					_v1148 = _v1144;
					_v8 = 0x14;
					E00405120( &_v84, _v1148);
					_v8 = 2;
					E004178C0( &_v656);
				}
				_push(E00494AF0());
				_t747 =  *0x5bdd3c; // 0xff676980
				_push(_t747);
				_push(E00423BE0(E00404820()) & 0x0000ffff);
				_push(E004D4C10(E00404820()));
				_t646 =  *0x5be030; // 0x0
				_push(_t646);
				_t748 =  *0x5bdd2c; // 0x42
				_push(_t748);
				_t475 =  *0x5bb6b8; // 0x32
				E00416600( &_v56,  &_v56, L"&sutp=%d&sufl=%d&tbp=%d&prver=%d&minreq=%d&dtct=%d&wvr=%d", _t475);
				_t811 = _t810 + 0x24;
				if( &_v56 == 0) {
					_v1152 = 0;
				} else {
					_v1152 =  &_v56 + 4;
				}
				E00405120( &_v84, _v1152);
				_t478 = E004956B0(_t586,  &_v688, _t790, _t791,  &_v688); // executed
				_t812 = _t811 + 4;
				_v1156 = _t478;
				_v1160 = _v1156;
				_v8 = 0x15;
				E004181D0( &_v56, _v1160);
				_v8 = 2;
				E004176E0();
				_t482 = E00416630( &_v52);
				_t751 = _t482 & 0x000000ff;
				_t834 = _t482 & 0x000000ff;
				if((_t482 & 0x000000ff) == 0) {
					E004A0280(_t586, _t751, _t790, _t791, _t834, E00416A30( &_v52),  &_v56);
					_t820 = _t812 + 8;
					if( &_v56 == 0) {
						_v1164 = 0;
					} else {
						_v1164 =  &_v56 + 4;
					}
					_t555 = E00409760( &_v716, L"&avr=", _v1164);
					_t812 = _t820 + 0xc;
					_v1168 = _t555;
					_v1172 = _v1168;
					_v8 = 0x16;
					E00405120( &_v84, _v1172);
					_v8 = 2;
					E004178C0( &_v716);
				}
				_t483 = E004D7B30(_t586, _t790, _t791,  &_v748);
				_t813 = _t812 + 4;
				_v1176 = _t483;
				_v1180 = _v1176;
				_v8 = 0x17;
				_v1184 = _v1180;
				if(_v1184 == 0) {
					_v1188 = 0;
				} else {
					_v1188 = _v1184 + 4;
				}
				E00405120( &_v84, _v1188);
				_v8 = 2;
				E004176E0();
				_t488 = E004D2F80(_t586, _t790, _t791,  &_v56); // executed
				_t814 = _t813 + 4;
				if(_t488 > 0) {
					if( &_v56 == 0) {
						_v1192 = 0;
					} else {
						_v1192 =  &_v56 + 4;
					}
					_t547 = E00409760( &_v776, L"&tbtp=", _v1192);
					_t814 = _t814 + 0xc;
					_v1196 = _t547;
					_v1200 = _v1196;
					_v8 = 0x18;
					E00405120( &_v84, _v1200);
					_v8 = 2;
					E004178C0( &_v776);
				}
				if(( *0x5bdd29 & 0x000000ff) != 0) {
					E004130D0( &_v84, L"&tbinst=1");
				}
				if((E004CB910(0x5be390, 0xc, 0x52, 0) & 0x000000ff) != 0) {
					E004130D0( &_v84, L"&notc=1");
				}
				if((E00494A70(_t586, _t791) & 0x000000ff) != 0) {
					E004130D0( &_v84, L"&w64=1");
				}
				if((E004CB910(0x5be390, 0xc, 0x5a, 0) & 0x000000ff) != 0) {
					E004130D0( &_v84, L"&noupgrd=1");
				}
				E00502490(_t586, _t790, _t791,  &_v56, 0);
				_t815 = _t814 + 8;
				if( &_v56 == 0) {
					_v1204 = 0;
				} else {
					_v1204 =  &_v56 + 4;
				}
				_v1208 = E00409760( &_v804, L"&cntry=", _v1204);
				_v1212 = _v1208;
				_v8 = 0x19;
				E00405120( &_v84, _v1212);
				_v8 = 2;
				E004178C0( &_v804);
				_t500 = E004DF870(_t586, _t790, _t791,  &_v836);
				_t817 = _t815 + 0x10;
				_v1216 = _t500;
				_v1220 = _v1216;
				_v8 = 0x1a;
				_v1224 = _v1220;
				_t844 = _v1224;
				if(_v1224 == 0) {
					_v1228 = 0;
				} else {
					_v1228 = _v1224 + 4;
				}
				E00405120( &_v84, _v1228);
				_v8 = 2;
				E004176E0(); // executed
				_t503 = E004953B0(_t844); // executed
				if((_t503 & 0x000000ff) == 0) {
					_v1232 = L"&uac=0";
				} else {
					_v1232 = L"&uac=1";
				}
				_t320 =  &_v1232; // 0x536268
				E004130D0( &_v84,  *_t320);
				if(0x5be010 == 0) {
					_v1236 = 0;
				} else {
					_v1236 = 0x5be014;
				}
				_t507 = E00409760( &_v864, L"&osp=", _v1236);
				_t818 = _t817 + 0xc;
				_v1240 = _t507;
				_v1244 = _v1240;
				_v8 = 0x1b;
				E00405120( &_v84, _v1244);
				_v8 = 2;
				E004178C0( &_v864);
				if((E00503F30( &_v864, 0x5be010) & 0x000000ff) != 0) {
					if(0x5bded8 == 0) {
						_v1248 = 0;
					} else {
						_v1248 = 0x5bdedc;
					}
					_t534 = E00409760( &_v892, L"&gloss=", _v1248);
					_t818 = _t818 + 0xc;
					_v1252 = _t534;
					_v1256 = _v1252;
					_v8 = 0x1c;
					E00405120( &_v84, _v1256);
					_v8 = 2;
					E004178C0( &_v892);
				}
				_t512 = E00423810(0x5bded8);
				_t849 = _t512 & 0x000000ff;
				if((_t512 & 0x000000ff) != 0) {
					_t531 = E004240A0();
					E004130A0(_t586, E004130A0(_t586,  &_v84, _t790, _t791, L"&voices="), _t790, _t791, _t531);
				}
				E004E7A30( &_v20);
				_v8 = 0x1d;
				_t515 = E004E7A50(_t586,  &_v20, _t790, _t791, _t849,  &_v924); // executed
				_v1260 = _t515;
				_v1264 = _v1260;
				_v8 = 0x1e;
				_v1268 = _v1264;
				if(_v1268 == 0) {
					_v1272 = 0;
				} else {
					_v1272 = _v1268 + 4;
				}
				_v1276 = E00409760( &_v952, L"&dnt=", _v1272);
				_v1280 = _v1276;
				_v8 = 0x1f;
				E00405120( &_v84, _v1280);
				_v8 = 0x1e;
				E004178C0( &_v952);
				_v8 = 0x1d;
				E004176E0();
				E00417660(_a4,  &_v88);
				_v956 = _v956 | 0x00000001;
				_v8 = 2;
				E004E7A10( &_v20);
				_v8 = 1;
				E004176E0();
				_v8 = 0;
				E004176E0();
				_t383 =  &_a4; // 0x4e272f
				 *[fs:0x0] = _v16;
				return E0044F6C8( *_t383, _t586, _v24 ^ _t792,  &_v88, _t790, _t791);
			}























































































































































































                                                                                                                                                                                0x004dffd0
                                                                                                                                                                                0x004dffd0
                                                                                                                                                                                0x004dffd0
                                                                                                                                                                                0x004dffd3
                                                                                                                                                                                0x004dffd5
                                                                                                                                                                                0x004dffe0
                                                                                                                                                                                0x004dffe7
                                                                                                                                                                                0x004dffec
                                                                                                                                                                                0x004dffee
                                                                                                                                                                                0x004dfff1
                                                                                                                                                                                0x004dfff5
                                                                                                                                                                                0x004dfffb
                                                                                                                                                                                0x004e0011
                                                                                                                                                                                0x004e0016
                                                                                                                                                                                0x004e0029
                                                                                                                                                                                0x004e002e
                                                                                                                                                                                0x004e0036
                                                                                                                                                                                0x004e003b
                                                                                                                                                                                0x004e0041
                                                                                                                                                                                0x004e0043
                                                                                                                                                                                0x004e0053
                                                                                                                                                                                0x004e0045
                                                                                                                                                                                0x004e004b
                                                                                                                                                                                0x004e004b
                                                                                                                                                                                0x004e0075
                                                                                                                                                                                0x004e0081
                                                                                                                                                                                0x004e0087
                                                                                                                                                                                0x004e0095
                                                                                                                                                                                0x004e009a
                                                                                                                                                                                0x004e00a1
                                                                                                                                                                                0x004e00ad
                                                                                                                                                                                0x004e00b2
                                                                                                                                                                                0x004e00b5
                                                                                                                                                                                0x004e00c1
                                                                                                                                                                                0x004e00c7
                                                                                                                                                                                0x004e00d5
                                                                                                                                                                                0x004e00da
                                                                                                                                                                                0x004e00e4
                                                                                                                                                                                0x004e00f6
                                                                                                                                                                                0x004e00fb
                                                                                                                                                                                0x004e00fd
                                                                                                                                                                                0x004e010d
                                                                                                                                                                                0x004e00ff
                                                                                                                                                                                0x004e0105
                                                                                                                                                                                0x004e0105
                                                                                                                                                                                0x004e012a
                                                                                                                                                                                0x004e012f
                                                                                                                                                                                0x004e0132
                                                                                                                                                                                0x004e013e
                                                                                                                                                                                0x004e0144
                                                                                                                                                                                0x004e0152
                                                                                                                                                                                0x004e0157
                                                                                                                                                                                0x004e0161
                                                                                                                                                                                0x004e0161
                                                                                                                                                                                0x004e016d
                                                                                                                                                                                0x004e0174
                                                                                                                                                                                0x004e0179
                                                                                                                                                                                0x004e0185
                                                                                                                                                                                0x004e018b
                                                                                                                                                                                0x004e0195
                                                                                                                                                                                0x004e01a2
                                                                                                                                                                                0x004e01b5
                                                                                                                                                                                0x004e01a4
                                                                                                                                                                                0x004e01ad
                                                                                                                                                                                0x004e01ad
                                                                                                                                                                                0x004e01d2
                                                                                                                                                                                0x004e01d7
                                                                                                                                                                                0x004e01da
                                                                                                                                                                                0x004e01e6
                                                                                                                                                                                0x004e01ec
                                                                                                                                                                                0x004e01fa
                                                                                                                                                                                0x004e01ff
                                                                                                                                                                                0x004e0209
                                                                                                                                                                                0x004e020e
                                                                                                                                                                                0x004e0218
                                                                                                                                                                                0x004e0239
                                                                                                                                                                                0x004e0245
                                                                                                                                                                                0x004e024b
                                                                                                                                                                                0x004e0255
                                                                                                                                                                                0x004e025b
                                                                                                                                                                                0x004e0262
                                                                                                                                                                                0x004e0275
                                                                                                                                                                                0x004e0264
                                                                                                                                                                                0x004e026d
                                                                                                                                                                                0x004e026d
                                                                                                                                                                                0x004e027f
                                                                                                                                                                                0x004e029b
                                                                                                                                                                                0x004e02a7
                                                                                                                                                                                0x004e02ad
                                                                                                                                                                                0x004e02bb
                                                                                                                                                                                0x004e02c0
                                                                                                                                                                                0x004e02ca
                                                                                                                                                                                0x004e02cf
                                                                                                                                                                                0x004e02d9
                                                                                                                                                                                0x004e02e4
                                                                                                                                                                                0x004e02ed
                                                                                                                                                                                0x004e02f6
                                                                                                                                                                                0x004e02fb
                                                                                                                                                                                0x004e0300
                                                                                                                                                                                0x004e0322
                                                                                                                                                                                0x004e032e
                                                                                                                                                                                0x004e0334
                                                                                                                                                                                0x004e033e
                                                                                                                                                                                0x004e0344
                                                                                                                                                                                0x004e034b
                                                                                                                                                                                0x004e035e
                                                                                                                                                                                0x004e034d
                                                                                                                                                                                0x004e0356
                                                                                                                                                                                0x004e0356
                                                                                                                                                                                0x004e0386
                                                                                                                                                                                0x004e038b
                                                                                                                                                                                0x004e038e
                                                                                                                                                                                0x004e039a
                                                                                                                                                                                0x004e03a0
                                                                                                                                                                                0x004e03ae
                                                                                                                                                                                0x004e03b3
                                                                                                                                                                                0x004e03bd
                                                                                                                                                                                0x004e03c2
                                                                                                                                                                                0x004e03cc
                                                                                                                                                                                0x004e03cc
                                                                                                                                                                                0x004e03e8
                                                                                                                                                                                0x004e03ed
                                                                                                                                                                                0x004e040b
                                                                                                                                                                                0x004e0417
                                                                                                                                                                                0x004e041d
                                                                                                                                                                                0x004e042f
                                                                                                                                                                                0x004e0434
                                                                                                                                                                                0x004e0440
                                                                                                                                                                                0x004e0446
                                                                                                                                                                                0x004e0457
                                                                                                                                                                                0x004e0466
                                                                                                                                                                                0x004e0475
                                                                                                                                                                                0x004e047b
                                                                                                                                                                                0x004e047c
                                                                                                                                                                                0x004e0481
                                                                                                                                                                                0x004e0496
                                                                                                                                                                                0x004e049b
                                                                                                                                                                                0x004e049e
                                                                                                                                                                                0x004e04a8
                                                                                                                                                                                0x004e04ad
                                                                                                                                                                                0x004e04b7
                                                                                                                                                                                0x004e04bc
                                                                                                                                                                                0x004e04c6
                                                                                                                                                                                0x004e04ce
                                                                                                                                                                                0x004e04d0
                                                                                                                                                                                0x004e04e0
                                                                                                                                                                                0x004e04d2
                                                                                                                                                                                0x004e04d8
                                                                                                                                                                                0x004e04d8
                                                                                                                                                                                0x004e04f4
                                                                                                                                                                                0x004e0500
                                                                                                                                                                                0x004e0505
                                                                                                                                                                                0x004e0508
                                                                                                                                                                                0x004e0514
                                                                                                                                                                                0x004e051a
                                                                                                                                                                                0x004e0524
                                                                                                                                                                                0x004e052a
                                                                                                                                                                                0x004e0531
                                                                                                                                                                                0x004e0544
                                                                                                                                                                                0x004e0533
                                                                                                                                                                                0x004e053c
                                                                                                                                                                                0x004e053c
                                                                                                                                                                                0x004e0555
                                                                                                                                                                                0x004e055a
                                                                                                                                                                                0x004e055d
                                                                                                                                                                                0x004e0569
                                                                                                                                                                                0x004e056f
                                                                                                                                                                                0x004e0579
                                                                                                                                                                                0x004e0586
                                                                                                                                                                                0x004e0599
                                                                                                                                                                                0x004e0588
                                                                                                                                                                                0x004e0591
                                                                                                                                                                                0x004e0591
                                                                                                                                                                                0x004e05be
                                                                                                                                                                                0x004e05ca
                                                                                                                                                                                0x004e05d0
                                                                                                                                                                                0x004e05ef
                                                                                                                                                                                0x004e05fb
                                                                                                                                                                                0x004e0601
                                                                                                                                                                                0x004e061a
                                                                                                                                                                                0x004e061f
                                                                                                                                                                                0x004e0622
                                                                                                                                                                                0x004e062e
                                                                                                                                                                                0x004e0634
                                                                                                                                                                                0x004e0642
                                                                                                                                                                                0x004e0647
                                                                                                                                                                                0x004e0651
                                                                                                                                                                                0x004e0656
                                                                                                                                                                                0x004e0660
                                                                                                                                                                                0x004e0665
                                                                                                                                                                                0x004e066f
                                                                                                                                                                                0x004e0674
                                                                                                                                                                                0x004e067e
                                                                                                                                                                                0x004e0683
                                                                                                                                                                                0x004e068d
                                                                                                                                                                                0x004e069c
                                                                                                                                                                                0x004e06b0
                                                                                                                                                                                0x004e06c2
                                                                                                                                                                                0x004e06c9
                                                                                                                                                                                0x004e06d9
                                                                                                                                                                                0x004e06cb
                                                                                                                                                                                0x004e06d1
                                                                                                                                                                                0x004e06d1
                                                                                                                                                                                0x004e06f6
                                                                                                                                                                                0x004e06fb
                                                                                                                                                                                0x004e06fe
                                                                                                                                                                                0x004e070a
                                                                                                                                                                                0x004e0710
                                                                                                                                                                                0x004e071e
                                                                                                                                                                                0x004e0723
                                                                                                                                                                                0x004e072d
                                                                                                                                                                                0x004e072d
                                                                                                                                                                                0x004e0737
                                                                                                                                                                                0x004e0738
                                                                                                                                                                                0x004e073e
                                                                                                                                                                                0x004e074e
                                                                                                                                                                                0x004e075b
                                                                                                                                                                                0x004e075c
                                                                                                                                                                                0x004e0762
                                                                                                                                                                                0x004e0763
                                                                                                                                                                                0x004e0769
                                                                                                                                                                                0x004e076a
                                                                                                                                                                                0x004e0779
                                                                                                                                                                                0x004e077e
                                                                                                                                                                                0x004e0786
                                                                                                                                                                                0x004e0796
                                                                                                                                                                                0x004e0788
                                                                                                                                                                                0x004e078e
                                                                                                                                                                                0x004e078e
                                                                                                                                                                                0x004e07aa
                                                                                                                                                                                0x004e07b6
                                                                                                                                                                                0x004e07bb
                                                                                                                                                                                0x004e07be
                                                                                                                                                                                0x004e07ca
                                                                                                                                                                                0x004e07d0
                                                                                                                                                                                0x004e07de
                                                                                                                                                                                0x004e07e3
                                                                                                                                                                                0x004e07ed
                                                                                                                                                                                0x004e07f5
                                                                                                                                                                                0x004e07fa
                                                                                                                                                                                0x004e07fd
                                                                                                                                                                                0x004e07ff
                                                                                                                                                                                0x004e0812
                                                                                                                                                                                0x004e0817
                                                                                                                                                                                0x004e081f
                                                                                                                                                                                0x004e082f
                                                                                                                                                                                0x004e0821
                                                                                                                                                                                0x004e0827
                                                                                                                                                                                0x004e0827
                                                                                                                                                                                0x004e084c
                                                                                                                                                                                0x004e0851
                                                                                                                                                                                0x004e0854
                                                                                                                                                                                0x004e0860
                                                                                                                                                                                0x004e0866
                                                                                                                                                                                0x004e0874
                                                                                                                                                                                0x004e0879
                                                                                                                                                                                0x004e0883
                                                                                                                                                                                0x004e0883
                                                                                                                                                                                0x004e088f
                                                                                                                                                                                0x004e0894
                                                                                                                                                                                0x004e0897
                                                                                                                                                                                0x004e08a3
                                                                                                                                                                                0x004e08a9
                                                                                                                                                                                0x004e08b3
                                                                                                                                                                                0x004e08c0
                                                                                                                                                                                0x004e08d3
                                                                                                                                                                                0x004e08c2
                                                                                                                                                                                0x004e08cb
                                                                                                                                                                                0x004e08cb
                                                                                                                                                                                0x004e08e7
                                                                                                                                                                                0x004e08ec
                                                                                                                                                                                0x004e08f6
                                                                                                                                                                                0x004e08ff
                                                                                                                                                                                0x004e0904
                                                                                                                                                                                0x004e0909
                                                                                                                                                                                0x004e0910
                                                                                                                                                                                0x004e0920
                                                                                                                                                                                0x004e0912
                                                                                                                                                                                0x004e0918
                                                                                                                                                                                0x004e0918
                                                                                                                                                                                0x004e093d
                                                                                                                                                                                0x004e0942
                                                                                                                                                                                0x004e0945
                                                                                                                                                                                0x004e0951
                                                                                                                                                                                0x004e0957
                                                                                                                                                                                0x004e0965
                                                                                                                                                                                0x004e096a
                                                                                                                                                                                0x004e0974
                                                                                                                                                                                0x004e0974
                                                                                                                                                                                0x004e0982
                                                                                                                                                                                0x004e098c
                                                                                                                                                                                0x004e098c
                                                                                                                                                                                0x004e09a6
                                                                                                                                                                                0x004e09b0
                                                                                                                                                                                0x004e09b0
                                                                                                                                                                                0x004e09bf
                                                                                                                                                                                0x004e09c9
                                                                                                                                                                                0x004e09c9
                                                                                                                                                                                0x004e09e3
                                                                                                                                                                                0x004e09ed
                                                                                                                                                                                0x004e09ed
                                                                                                                                                                                0x004e09f8
                                                                                                                                                                                0x004e09fd
                                                                                                                                                                                0x004e0a05
                                                                                                                                                                                0x004e0a15
                                                                                                                                                                                0x004e0a07
                                                                                                                                                                                0x004e0a0d
                                                                                                                                                                                0x004e0a0d
                                                                                                                                                                                0x004e0a3a
                                                                                                                                                                                0x004e0a46
                                                                                                                                                                                0x004e0a4c
                                                                                                                                                                                0x004e0a5a
                                                                                                                                                                                0x004e0a5f
                                                                                                                                                                                0x004e0a69
                                                                                                                                                                                0x004e0a75
                                                                                                                                                                                0x004e0a7a
                                                                                                                                                                                0x004e0a7d
                                                                                                                                                                                0x004e0a89
                                                                                                                                                                                0x004e0a8f
                                                                                                                                                                                0x004e0a99
                                                                                                                                                                                0x004e0a9f
                                                                                                                                                                                0x004e0aa6
                                                                                                                                                                                0x004e0ab9
                                                                                                                                                                                0x004e0aa8
                                                                                                                                                                                0x004e0ab1
                                                                                                                                                                                0x004e0ab1
                                                                                                                                                                                0x004e0acd
                                                                                                                                                                                0x004e0ad2
                                                                                                                                                                                0x004e0adc
                                                                                                                                                                                0x004e0ae1
                                                                                                                                                                                0x004e0aeb
                                                                                                                                                                                0x004e0af9
                                                                                                                                                                                0x004e0aed
                                                                                                                                                                                0x004e0aed
                                                                                                                                                                                0x004e0aed
                                                                                                                                                                                0x004e0b03
                                                                                                                                                                                0x004e0b0d
                                                                                                                                                                                0x004e0b19
                                                                                                                                                                                0x004e0b2b
                                                                                                                                                                                0x004e0b1b
                                                                                                                                                                                0x004e0b23
                                                                                                                                                                                0x004e0b23
                                                                                                                                                                                0x004e0b48
                                                                                                                                                                                0x004e0b4d
                                                                                                                                                                                0x004e0b50
                                                                                                                                                                                0x004e0b5c
                                                                                                                                                                                0x004e0b62
                                                                                                                                                                                0x004e0b70
                                                                                                                                                                                0x004e0b75
                                                                                                                                                                                0x004e0b7f
                                                                                                                                                                                0x004e0b8e
                                                                                                                                                                                0x004e0b97
                                                                                                                                                                                0x004e0ba9
                                                                                                                                                                                0x004e0b99
                                                                                                                                                                                0x004e0ba1
                                                                                                                                                                                0x004e0ba1
                                                                                                                                                                                0x004e0bc6
                                                                                                                                                                                0x004e0bcb
                                                                                                                                                                                0x004e0bce
                                                                                                                                                                                0x004e0bda
                                                                                                                                                                                0x004e0be0
                                                                                                                                                                                0x004e0bee
                                                                                                                                                                                0x004e0bf3
                                                                                                                                                                                0x004e0bfd
                                                                                                                                                                                0x004e0bfd
                                                                                                                                                                                0x004e0c02
                                                                                                                                                                                0x004e0c0a
                                                                                                                                                                                0x004e0c0c
                                                                                                                                                                                0x004e0c0e
                                                                                                                                                                                0x004e0c23
                                                                                                                                                                                0x004e0c23
                                                                                                                                                                                0x004e0c2b
                                                                                                                                                                                0x004e0c30
                                                                                                                                                                                0x004e0c3e
                                                                                                                                                                                0x004e0c43
                                                                                                                                                                                0x004e0c4f
                                                                                                                                                                                0x004e0c55
                                                                                                                                                                                0x004e0c5f
                                                                                                                                                                                0x004e0c6c
                                                                                                                                                                                0x004e0c7f
                                                                                                                                                                                0x004e0c6e
                                                                                                                                                                                0x004e0c77
                                                                                                                                                                                0x004e0c77
                                                                                                                                                                                0x004e0ca4
                                                                                                                                                                                0x004e0cb0
                                                                                                                                                                                0x004e0cb6
                                                                                                                                                                                0x004e0cc4
                                                                                                                                                                                0x004e0cc9
                                                                                                                                                                                0x004e0cd3
                                                                                                                                                                                0x004e0cd8
                                                                                                                                                                                0x004e0ce2
                                                                                                                                                                                0x004e0cee
                                                                                                                                                                                0x004e0cfc
                                                                                                                                                                                0x004e0d02
                                                                                                                                                                                0x004e0d09
                                                                                                                                                                                0x004e0d0e
                                                                                                                                                                                0x004e0d15
                                                                                                                                                                                0x004e0d1a
                                                                                                                                                                                0x004e0d21
                                                                                                                                                                                0x004e0d26
                                                                                                                                                                                0x004e0d2c
                                                                                                                                                                                0x004e0d41

                                                                                                                                                                                APIs
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004E016D
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004E027F
                                                                                                                                                                                • PathFindFileNameW.SHLWAPI(00000000,&sufn=,00000000,?,?,?,?,&moldid=,00000000,?,?,?,?,?), ref: 004E0371
                                                                                                                                                                                  • Part of subcall function 00484EA0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00484F0F
                                                                                                                                                                                  • Part of subcall function 00484EA0: _memset.LIBCMT ref: 00484F43
                                                                                                                                                                                  • Part of subcall function 00484EA0: __wcstoi64.LIBCMT ref: 00484F6F
                                                                                                                                                                                  • Part of subcall function 0047F670: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0047F6A8
                                                                                                                                                                                  • Part of subcall function 0047F670: _memset.LIBCMT ref: 0047F6DE
                                                                                                                                                                                  • Part of subcall function 0047F670: _swscanf.LIBCMT ref: 0047F743
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004E073F
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004E074F
                                                                                                                                                                                  • Part of subcall function 00502490: GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000008,554C9AD9,?,00000000,00508795,000000FF,?,004E09FD,?,00000000,0000000C,0000005A,00000000), ref: 005024F3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize$Iterator_baseIterator_base::__memsetstd::_$FileFindInfoLocaleNamePath__wcstoi64_swscanf
                                                                                                                                                                                • String ID: &avr=$&cntry=$&dnt=$&gloss=$&ibprs=$&ibprv=$&iev=%d&ffv=%d&crv=%d&dwb=%s&dlb=%s&wbr=%d$&mntrId=$&moldid=$&notc=1$&noupgrd=1$&osp=$&sufn=$&sutp=%d&sufl=%d&tbp=%d&prver=%d&minreq=%d&dtct=%d&wvr=%d$&tbinst=1$&tbtp=$&test=$&voices=$&w64=1$/'N$/'N$WBR$hbS$ver=
                                                                                                                                                                                • API String ID: 327512372-716390181
                                                                                                                                                                                • Opcode ID: 4bef0c0ba3a24897add529fc10220d9e656324a7dba94df43896c4722ebccdb4
                                                                                                                                                                                • Instruction ID: 3b98f8d82bb84df878d0254f465412ed47e9ad28aab4b3b75e605d2f278c53bf
                                                                                                                                                                                • Opcode Fuzzy Hash: 4bef0c0ba3a24897add529fc10220d9e656324a7dba94df43896c4722ebccdb4
                                                                                                                                                                                • Instruction Fuzzy Hash: B2828DB0D012589BDB24EB65DD45BDEB7B4AF54308F1080EEE10967282DB786F88CF59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00424140, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 336 424140-424154 337 424156-42415c 336->337 338 42415e-424166 GetDC 336->338 339 424169-4241c4 CreateFontW SelectObject GetTextFaceW 337->339 338->339 340 4241c6-4241cd 339->340 341 4241cf-4241d9 GetTextCharset 339->341 342 4241dc-4241e6 340->342 341->342 343 4241f6-424208 SelectObject 342->343 344 4241e8-4241f0 GetTextMetricsW 342->344 345 424216-42421d 343->345 346 42420a-424210 ReleaseDC 343->346 344->343 347 42423b-42424c DeleteObject 345->347 348 42421f-424227 345->348 346->345 349 424264-424274 call 44f6c8 347->349 350 424229-424239 StrStrIW 348->350 351 42424e-424252 348->351 350->347 350->351 351->349 352 424254-424261 call 45184a 351->352 352->349
                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                			E00424140(void* __ebx, void* __edi, void* __esi, WCHAR* _a4, signed int _a8, int _a12, int _a16, intOrPtr _a20, intOrPtr _a24, struct tagTEXTMETRICW* _a28) {
				struct HDC__* _v8;
				signed int _v12;
				short _v76;
				struct HFONT__* _v80;
				struct HWND__* _v84;
				void* _v88;
				struct HDC__* _v92;
				int _v96;
				signed int _t43;
				WCHAR* _t63;
				void* _t67;
				void* _t86;
				void* _t87;
				signed int _t88;

				_t87 = __esi;
				_t86 = __edi;
				_t67 = __ebx;
				_t43 =  *0x561244; // 0x554c9ad9
				_v12 = _t43 ^ _t88;
				if(_a20 == 0) {
					_v92 = GetDC(0);
				} else {
					_v92 = _a20;
				}
				_v8 = _v92;
				_v80 = CreateFontW(_a12, 0, 0, 0, _a16, 0, 0, 0, _a8 & 0x000000ff, 0, 0, 0, 0, _a4);
				_v88 = SelectObject(_v8, _v80);
				GetTextFaceW(_v8, 0x20,  &_v76);
				if((_a8 & 0x000000ff) != 0) {
					_v96 = GetTextCharset(_v8);
				} else {
					_v96 = 0;
				}
				_v84 = _v96;
				if(_a28 != 0) {
					GetTextMetricsW(_v8, _a28); // executed
				}
				SelectObject(_v8, _v88);
				if(_a20 == 0) {
					ReleaseDC(0, _v8);
				}
				if(_v84 != (_a8 & 0x000000ff)) {
					L13:
					_t83 = _v80;
					DeleteObject(_v80);
					_v80 = 0;
					goto L16;
				} else {
					_t83 =  *_a4 & 0x0000ffff;
					if(( *_a4 & 0x0000ffff) == 0) {
						L14:
						if(_a24 != 0) {
							E0045184A(_a24,  &_v76);
						}
						L16:
						return E0044F6C8(_v80, _t67, _v12 ^ _t88, _t83, _t86, _t87);
					}
					_t63 = StrStrIW( &_v76, _a4); // executed
					if(_t63 != 0) {
						goto L14;
					}
					goto L13;
				}
			}

















                                                                                                                                                                                0x00424140
                                                                                                                                                                                0x00424140
                                                                                                                                                                                0x00424140
                                                                                                                                                                                0x00424146
                                                                                                                                                                                0x0042414d
                                                                                                                                                                                0x00424154
                                                                                                                                                                                0x00424166
                                                                                                                                                                                0x00424156
                                                                                                                                                                                0x00424159
                                                                                                                                                                                0x00424159
                                                                                                                                                                                0x0042416c
                                                                                                                                                                                0x0042419a
                                                                                                                                                                                0x004241ab
                                                                                                                                                                                0x004241b8
                                                                                                                                                                                0x004241c4
                                                                                                                                                                                0x004241d9
                                                                                                                                                                                0x004241c6
                                                                                                                                                                                0x004241c6
                                                                                                                                                                                0x004241c6
                                                                                                                                                                                0x004241df
                                                                                                                                                                                0x004241e6
                                                                                                                                                                                0x004241f0
                                                                                                                                                                                0x004241f0
                                                                                                                                                                                0x004241fe
                                                                                                                                                                                0x00424208
                                                                                                                                                                                0x00424210
                                                                                                                                                                                0x00424210
                                                                                                                                                                                0x0042421d
                                                                                                                                                                                0x0042423b
                                                                                                                                                                                0x0042423b
                                                                                                                                                                                0x0042423f
                                                                                                                                                                                0x00424245
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0042421f
                                                                                                                                                                                0x00424222
                                                                                                                                                                                0x00424227
                                                                                                                                                                                0x0042424e
                                                                                                                                                                                0x00424252
                                                                                                                                                                                0x0042425c
                                                                                                                                                                                0x00424261
                                                                                                                                                                                0x00424264
                                                                                                                                                                                0x00424274
                                                                                                                                                                                0x00424274
                                                                                                                                                                                0x00424231
                                                                                                                                                                                0x00424239
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424239

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00424160
                                                                                                                                                                                • CreateFontW.GDI32(0053C118,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00424194
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 004241A5
                                                                                                                                                                                • GetTextFaceW.GDI32(00000000,00000020,?), ref: 004241B8
                                                                                                                                                                                • GetTextCharset.GDI32(00000000), ref: 004241D3
                                                                                                                                                                                • GetTextMetricsW.GDI32(00000000,00000000), ref: 004241F0
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 004241FE
                                                                                                                                                                                • ReleaseDC.USER32 ref: 00424210
                                                                                                                                                                                • StrStrIW.SHLWAPI(?,?), ref: 00424231
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0042423F
                                                                                                                                                                                • _wcscpy.LIBCMT ref: 0042425C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectText$Select$CharsetCreateDeleteFaceFontMetricsRelease_wcscpy
                                                                                                                                                                                • String ID: .DB
                                                                                                                                                                                • API String ID: 588102623-3243579461
                                                                                                                                                                                • Opcode ID: 4ca0d98cf20631fccaf790c2c32be238378f39f3350437f1d2a6cd27e18ae94b
                                                                                                                                                                                • Instruction ID: ea6a59b79ecef2f09fddcaa62a7bb6481acd72d89f002cd1ffdad0adaeb43d27
                                                                                                                                                                                • Opcode Fuzzy Hash: 4ca0d98cf20631fccaf790c2c32be238378f39f3350437f1d2a6cd27e18ae94b
                                                                                                                                                                                • Instruction Fuzzy Hash: A7415C74A00208EFEB14CFE4DC48BEE7BB5EF98701F10814AF919AB284D7749945DB64
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00433210, Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 387memoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 357 433210-43324a call 434290 360 433289-4332a4 call 433ac0 357->360 361 43324c-433284 call 4134d0 call 413d50 call 456a4c call 413c20 357->361 364 4332a9-4332c4 360->364 361->360 366 4332c6-4332ed call 41d410 call 433680 call 433720 364->366 367 4332ef-4332f5 364->367 391 433353-433356 366->391 370 4332f7-433315 call 415110 call 433680 367->370 371 433326-433344 call 441910 call 433720 367->371 388 433317-433322 call 433680 370->388 389 433324 370->389 371->391 392 433346-433351 call 433720 371->392 388->389 389->391 393 433359-433375 call 42ae30 call 436ba0 391->393 392->391 402 43337b-4333af call 42ae30 * 3 call 415110 393->402 403 433649-43367d call 41d410 call 436ba0 call 445360 393->403 418 4333b5-4333ed call 42ae30 * 2 call 441910 call 436ba0 402->418 419 4334ff-433537 call 42ae30 * 2 call 415110 call 436ba0 402->419 436 4333ef-433459 call 42ae30 call 436ba0 * 2 call 42ae30 * 2 call 436ba0 call 42ae30 * 2 418->436 437 43345e-43347a call 42ae30 call 441910 418->437 438 433539-4335a3 call 42ae30 call 436ba0 * 2 call 42ae30 * 2 call 436ba0 call 42ae30 * 2 419->438 439 4335a8-4335c4 call 42ae30 call 415110 419->439 513 4334fa 436->513 460 433499-4334f5 call 42ae30 call 436ba0 call 42ae30 * 2 call 436ba0 call 42ae30 * 2 call 433740 437->460 461 43347c-433494 call 42ae30 call 427b10 437->461 514 433644 438->514 457 4335e3-43363f call 42ae30 call 436ba0 call 42ae30 * 2 call 436ba0 call 42ae30 * 2 call 427b10 439->457 458 4335c6-4335de call 42ae30 call 433740 439->458 457->514 458->457 460->513 461->460 513->514 514->393
                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                			E00433210(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v64;
				char _v92;
				intOrPtr _v96;
				signed int _t94;
				intOrPtr _t101;
				intOrPtr* _t103;
				intOrPtr* _t104;
				char* _t107;
				intOrPtr* _t113;
				intOrPtr* _t117;
				char* _t122;
				intOrPtr* _t125;
				intOrPtr* _t134;
				intOrPtr* _t137;
				intOrPtr* _t149;
				char* _t156;
				intOrPtr* _t159;
				intOrPtr* _t168;
				intOrPtr* _t171;
				intOrPtr* _t184;
				intOrPtr* _t187;
				intOrPtr* _t188;
				signed int _t291;
				void* _t292;
				void* _t293;
				void* _t295;
				void* _t300;
				void* _t304;
				void* _t306;
				void* _t323;
				void* _t325;

				_push(0xffffffff);
				_push(0x517298);
				_push( *[fs:0x0]);
				_t293 = _t292 - 0x50;
				_t94 =  *0x561244; // 0x554c9ad9
				_push(_t94 ^ _t291);
				 *[fs:0x0] =  &_v16;
				_v96 = __ecx;
				if(E00434290(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
					E004134D0( &_v92, "map/set<T> too long");
					_v8 = 0;
					E00413D50( &_v92);
					E00456A4C( &_v64, 0x544b50);
					_v8 = 0xffffffff;
					E00413C20( &_v92);
				}
				_t101 = E00433AC0( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0); // executed
				_v20 = _t101;
				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
					__eflags = _a8 & 0x000000ff;
					if((_a8 & 0x000000ff) == 0) {
						_t103 = E00441910(_a12);
						_t293 = _t293 + 4;
						 *_t103 = _v20;
						_t104 = E00433720(_v96);
						__eflags = _a12 -  *_t104;
						if(_a12 ==  *_t104) {
							 *((intOrPtr*)(E00433720(_v96))) = _v20;
						}
					} else {
						_t187 = E00415110(_a12);
						_t293 = _t293 + 4;
						 *_t187 = _v20;
						_t188 = E00433680(_v96);
						__eflags = _a12 -  *_t188;
						if(_a12 ==  *_t188) {
							 *((intOrPtr*)(E00433680(_v96))) = _v20;
						}
					}
				} else {
					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
					 *((intOrPtr*)(E00433680(_v96))) = _v20;
					 *((intOrPtr*)(E00433720(_v96))) = _v20;
				}
				_v24 = _v20;
				while(1) {
					_t107 = E00436BA0( *((intOrPtr*)(E0042AE30(_v24))));
					_t295 = _t293 + 8;
					if( *_t107 != 0) {
						break;
					}
					_t113 = E0042AE30(_v24);
					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
					_t300 = _t295 + 0x10;
					if( *_t113 !=  *_t117) {
						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t122 = E00436BA0(_a12);
						_t304 = _t300 + 0x10;
						__eflags =  *_t122;
						if( *_t122 != 0) {
							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
							_t306 = _t304 + 8;
							__eflags = _v24 -  *_t125;
							if(_v24 ==  *_t125) {
								_t137 = E0042AE30(_v24);
								_t306 = _t306 + 4;
								_v24 =  *_t137;
								E00433740(_v96, __eflags, _v24);
							}
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t306 + 0x1c;
							E00427B10(_v96, __eflags,  *_t134);
						} else {
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00436BA0(_a12))) = 1;
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t304 + 0x20;
							_v24 =  *_t149;
						}
					} else {
						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t156 = E00436BA0(_a12);
						_t323 = _t300 + 0x10;
						if( *_t156 != 0) {
							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
							_t325 = _t323 + 8;
							__eflags = _v24 -  *_t159;
							if(_v24 ==  *_t159) {
								_t171 = E0042AE30(_v24);
								_t325 = _t325 + 4;
								_v24 =  *_t171;
								E00427B10(_v96, __eflags, _v24);
							}
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t325 + 0x1c;
							E00433740(_v96, __eflags,  *_t168);
						} else {
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00436BA0(_a12))) = 1;
							 *((char*)(E00436BA0( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t323 + 0x20;
							_v24 =  *_t184;
						}
					}
				}
				 *((char*)(E00436BA0( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
				E00445360(_a4, _v20);
				 *[fs:0x0] = _v16;
				return _a4;
			}






































                                                                                                                                                                                0x00433213
                                                                                                                                                                                0x00433215
                                                                                                                                                                                0x00433220
                                                                                                                                                                                0x00433221
                                                                                                                                                                                0x00433225
                                                                                                                                                                                0x0043322c
                                                                                                                                                                                0x00433230
                                                                                                                                                                                0x00433236
                                                                                                                                                                                0x0043324a
                                                                                                                                                                                0x00433254
                                                                                                                                                                                0x00433259
                                                                                                                                                                                0x00433267
                                                                                                                                                                                0x00433275
                                                                                                                                                                                0x0043327a
                                                                                                                                                                                0x00433284
                                                                                                                                                                                0x00433284
                                                                                                                                                                                0x004332a4
                                                                                                                                                                                0x004332a9
                                                                                                                                                                                0x004332b8
                                                                                                                                                                                0x004332c4
                                                                                                                                                                                0x004332f3
                                                                                                                                                                                0x004332f5
                                                                                                                                                                                0x0043332a
                                                                                                                                                                                0x0043332f
                                                                                                                                                                                0x00433335
                                                                                                                                                                                0x0043333a
                                                                                                                                                                                0x00433342
                                                                                                                                                                                0x00433344
                                                                                                                                                                                0x00433351
                                                                                                                                                                                0x00433351
                                                                                                                                                                                0x004332f7
                                                                                                                                                                                0x004332fb
                                                                                                                                                                                0x00433300
                                                                                                                                                                                0x00433306
                                                                                                                                                                                0x0043330b
                                                                                                                                                                                0x00433313
                                                                                                                                                                                0x00433315
                                                                                                                                                                                0x00433322
                                                                                                                                                                                0x00433322
                                                                                                                                                                                0x00433324
                                                                                                                                                                                0x004332c6
                                                                                                                                                                                0x004332d1
                                                                                                                                                                                0x004332de
                                                                                                                                                                                0x004332eb
                                                                                                                                                                                0x004332eb
                                                                                                                                                                                0x00433356
                                                                                                                                                                                0x00433359
                                                                                                                                                                                0x00433368
                                                                                                                                                                                0x0043336d
                                                                                                                                                                                0x00433375
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0043337f
                                                                                                                                                                                0x004333a3
                                                                                                                                                                                0x004333a8
                                                                                                                                                                                0x004333af
                                                                                                                                                                                0x00433523
                                                                                                                                                                                0x0043352a
                                                                                                                                                                                0x0043352f
                                                                                                                                                                                0x00433535
                                                                                                                                                                                0x00433537
                                                                                                                                                                                0x004335b7
                                                                                                                                                                                0x004335bc
                                                                                                                                                                                0x004335c2
                                                                                                                                                                                0x004335c4
                                                                                                                                                                                0x004335ca
                                                                                                                                                                                0x004335cf
                                                                                                                                                                                0x004335d4
                                                                                                                                                                                0x004335de
                                                                                                                                                                                0x004335de
                                                                                                                                                                                0x004335fa
                                                                                                                                                                                0x0043361f
                                                                                                                                                                                0x00433631
                                                                                                                                                                                0x00433636
                                                                                                                                                                                0x0043363f
                                                                                                                                                                                0x00433539
                                                                                                                                                                                0x00433550
                                                                                                                                                                                0x0043355f
                                                                                                                                                                                0x00433584
                                                                                                                                                                                0x00433596
                                                                                                                                                                                0x0043359b
                                                                                                                                                                                0x004335a0
                                                                                                                                                                                0x004335a0
                                                                                                                                                                                0x004333b5
                                                                                                                                                                                0x004333d9
                                                                                                                                                                                0x004333e0
                                                                                                                                                                                0x004333e5
                                                                                                                                                                                0x004333ed
                                                                                                                                                                                0x0043346d
                                                                                                                                                                                0x00433472
                                                                                                                                                                                0x00433478
                                                                                                                                                                                0x0043347a
                                                                                                                                                                                0x00433480
                                                                                                                                                                                0x00433485
                                                                                                                                                                                0x0043348a
                                                                                                                                                                                0x00433494
                                                                                                                                                                                0x00433494
                                                                                                                                                                                0x004334b0
                                                                                                                                                                                0x004334d5
                                                                                                                                                                                0x004334e7
                                                                                                                                                                                0x004334ec
                                                                                                                                                                                0x004334f5
                                                                                                                                                                                0x004333ef
                                                                                                                                                                                0x00433406
                                                                                                                                                                                0x00433415
                                                                                                                                                                                0x0043343a
                                                                                                                                                                                0x0043344c
                                                                                                                                                                                0x00433451
                                                                                                                                                                                0x00433456
                                                                                                                                                                                0x00433456
                                                                                                                                                                                0x004334fa
                                                                                                                                                                                0x00433644
                                                                                                                                                                                0x0043365c
                                                                                                                                                                                0x00433666
                                                                                                                                                                                0x00433671
                                                                                                                                                                                0x0043367d

                                                                                                                                                                                APIs
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00433275
                                                                                                                                                                                  • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 004332C9
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 004332D6
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 004332E3
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0043330B
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0043331A
                                                                                                                                                                                  • Part of subcall function 00433740: HandleT.LIBCPMTD ref: 004337D4
                                                                                                                                                                                  • Part of subcall function 00433740: HandleT.LIBCPMTD ref: 004337E3
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0043333A
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00433349
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0043364C
                                                                                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 00433666
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                                                • String ID: map/set<T> too long
                                                                                                                                                                                • API String ID: 3699313741-1285458680
                                                                                                                                                                                • Opcode ID: 5c378c61003a94509d9a9d9cc51c2f99947a6c586fe5524ef43e96455eefa086
                                                                                                                                                                                • Instruction ID: c96cb9d9ccfe4d81dabe12786e20b18d9636dbc6828f727d1f2b603ee65e5e8b
                                                                                                                                                                                • Opcode Fuzzy Hash: 5c378c61003a94509d9a9d9cc51c2f99947a6c586fe5524ef43e96455eefa086
                                                                                                                                                                                • Instruction Fuzzy Hash: 5BE1A6F5E00144AFDB04EFA1E89296FB375AF98308F14446DF8059B352DA39FA11CB66
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004903A0, Relevance: 17.8, APIs: 4, Strings: 6, Instructions: 327COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 522 4903a0-490420 call 434e30 call 417a20 * 2 call 434050 call 4175c0 call 494f20 535 490538-490545 call 416630 522->535 536 490426-49044a call 414c90 call 443050 522->536 542 49054b-490561 call 41eea0 535->542 543 4905fc-490609 call 416630 535->543 547 49052c-490533 call 40d320 536->547 548 490450-49045a call 41d530 536->548 542->543 553 490567-4905b2 call 451d90 call 41ede0 542->553 554 49083b-49088f call 416630 call 4176e0 call 41ef60 call 44f6c8 543->554 555 49060f-490636 call 4130d0 call 416a30 call 41eea0 543->555 547->535 548->547 561 490460-490471 call 494f40 548->561 575 4905f4-4905f7 call 41ef10 553->575 576 4905b4-4905ef call 434050 call 417910 call 4181d0 call 4176e0 553->576 555->554 584 49063c-490688 call 451d90 call 41ede0 call 41ef10 555->584 573 490473-49049d call 41d530 561->573 574 4904a7-4904d6 call 41d530 561->574 595 4904a2-4904a5 573->595 598 4904d9-4904dd 574->598 575->543 576->575 605 49068d-4906ae call 4168f0 584->605 595->598 598->547 601 4904df-4904e3 598->601 601->547 604 4904e5-490526 call 434050 call 417910 call 4181d0 call 4176e0 CoTaskMemFree 601->604 604->547 611 4906ca-4906d1 605->611 612 4906b0-4906c4 call 4168f0 605->612 616 4906de-49071c call 4296f0 611->616 617 4906d3-4906db 611->617 612->611 623 4907aa-4907ae 616->623 624 490722-49073c 616->624 617->616 627 4907eb-490836 call 434050 call 417910 call 4181d0 call 4176e0 623->627 628 4907b0-4907b8 623->628 626 49074d-490759 624->626 630 49075b 626->630 631 49075d-490768 626->631 627->554 628->627 629 4907ba-4907ca call 416630 628->629 640 4907dc-4907e6 call 4130d0 629->640 641 4907cc-4907d7 call 4130d0 629->641 630->626 631->623 635 49076a-4907a5 call 434050 call 417910 call 4181d0 call 4176e0 631->635 635->623 640->627 641->640
                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                			E004903A0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed short* _a12) {
				char _v8;
				char _v16;
				char _v24;
				signed int _v28;
				char _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				char _v72;
				char _v590;
				char _v592;
				char _v596;
				char _v1118;
				signed int _v1120;
				signed short _v1124;
				signed short* _v1128;
				char _v1132;
				char _v1133;
				char _v1168;
				char _v1169;
				char _v1204;
				char _v1205;
				char _v1240;
				char _v1241;
				char _v1276;
				char _v1277;
				char _v1278;
				intOrPtr _v1284;
				intOrPtr* _v1288;
				intOrPtr* _v1292;
				signed int _t134;
				signed int _t135;
				signed char _t147;
				void* _t154;
				signed short* _t160;
				void* _t163;
				signed char _t169;
				signed short* _t181;
				intOrPtr _t193;
				void* _t195;
				intOrPtr _t208;
				short _t260;
				signed int _t286;
				signed int _t309;
				void* _t310;
				void* _t311;
				void* _t313;
				void* _t315;

				_t315 = __eflags;
				_t308 = __esi;
				_t307 = __edi;
				_t209 = __ebx;
				_push(0xffffffff);
				_push(0x5084ad);
				_push( *[fs:0x0]);
				_t311 = _t310 - 0x4fc;
				_t134 =  *0x561244; // 0x554c9ad9
				_t135 = _t134 ^ _t309;
				_v28 = _t135;
				_push(_t135);
				 *[fs:0x0] =  &_v16;
				_v1284 = __ecx;
				E00434E30( &_v24);
				_v8 = 0;
				E00417A20(__ebx, _a8 + 4, __edi, __esi, 0, 0xffffffff);
				E00417A20(__ebx, _a4 + 4, __edi, __esi, 0, 0xffffffff);
				E004175C0(E00434050( &_v1133));
				_v8 = 1;
				if((E00494F20(_t315) & 0x000000ff) == 0) {
					L10:
					if((E00416630( &_v56) & 0x000000ff) != 0 && E0041EEA0( &_v24, 0x80000000, L".html", 1) == 0) {
						_t260 =  *0x528ea0; // 0x0
						_v592 = _t260;
						E00451D90(_t307,  &_v590, 0, 0x206);
						_t311 = _t311 + 0xc;
						_v596 = 0x104;
						if(E0041EDE0( &_v24, 0x528ea4,  &_v592,  &_v596) == 0) {
							E00417910( &_v592, E00434050( &_v1205));
							_v8 = 4;
							E004181D0( &_v60,  &_v1204);
							_v8 = 1;
							E004176E0();
						}
						E0041EF10( &_v24);
					}
					if((E00416630( &_v56) & 0x000000ff) != 0) {
						L34:
						_t147 = E00416630(_a4 + 4);
						asm("sbb edx, edx");
						_v1278 =  ~(_t147 & 0x000000ff) + 1;
						_v8 = 0;
						E004176E0();
						_v8 = 0xffffffff;
						E0041EF60( &_v24);
						 *[fs:0x0] = _v16;
						_t132 =  &_v28; // 0x490962
						__eflags =  *_t132 ^ _t309;
						return E0044F6C8(_v1278, _t209,  *_t132 ^ _t309,  ~(_t147 & 0x000000ff) + 1, _t307, _t308);
					} else {
						E004130D0( &_v56, L"\\shell\\open\\command");
						_t154 = E0041EEA0( &_v24, 0x80000000, E00416A30( &_v56), 1); // executed
						if(_t154 != 0) {
							goto L34;
						}
						_t286 =  *0x528ed0; // 0x0
						_v1120 = _t286;
						E00451D90(_t307,  &_v1118, 0, 0x206);
						_v1132 = 0x104;
						E0041EDE0( &_v24, 0x528ed4,  &_v1120,  &_v1132); // executed
						E0041EF10( &_v24); // executed
						_t160 = E004168F0( &_v1120, L"\"%1\"");
						_t313 = _t311 + 0x14;
						_v1128 = _t160;
						if(_v1128 == 0) {
							_t181 = E004168F0( &_v1120, L"%1");
							_t313 = _t313 + 8;
							_v1128 = _t181;
						}
						if(_v1128 != 0) {
							 *_v1128 = 0;
						}
						_v1124 = (0 | (_v1120 & 0x0000ffff) == 0x00000022) + (0 | (_v1120 & 0x0000ffff) == 0x00000022) + 0x20;
						_v1128 = E004296F0( &_v1118, _v1124 & 0x0000ffff);
						if(_v1128 == 0) {
							L28:
							__eflags = _a12;
							if(_a12 != 0) {
								__eflags =  *_a12 & 0x0000ffff;
								if(( *_a12 & 0x0000ffff) != 0) {
									_t169 = E00416630(_a8 + 4);
									__eflags = _t169 & 0x000000ff;
									if((_t169 & 0x000000ff) == 0) {
										__eflags = _a8 + 4;
										E004130D0(_a8 + 4, " ");
									}
									__eflags = _a8 + 4;
									E004130D0(_a8 + 4, _a12);
								}
							}
							_t163 = E00434050( &_v1277);
							(_v1120 & 0x0000ffff) - 0x22 = (_v1120 & 0x0000ffff) == 0x22;
							E00417910(_t309 + (0 | (_v1120 & 0x0000ffff) == 0x00000022) * 2 - 0x45c, _t163);
							_v8 = 6;
							E004181D0(_a4,  &_v1276);
							_v8 = 1;
							E004176E0();
							goto L34;
						} else {
							 *_v1128 = 0;
							_v1128 =  &(_v1128[1]);
							while(( *_v1128 & 0x0000ffff) == 0x20) {
								_v1128 =  &(_v1128[1]);
							}
							__eflags =  *_v1128 & 0x0000ffff;
							if(( *_v1128 & 0x0000ffff) != 0) {
								E00417910(_v1128, E00434050( &_v1241));
								_v8 = 5;
								E004181D0(_a8,  &_v1240);
								_v8 = 1;
								E004176E0();
							}
							goto L28;
						}
					}
				} else {
					E00414C90();
					_v8 = 2;
					_t193 = E00443050( &_v68, 0x51bafc, 0, 0x17); // executed
					_v64 = _t193;
					if(_v64 >= 0) {
						_t195 = E0041D530( &_v68);
						_t318 = _t195;
						if(_t195 != 0) {
							_v72 = 0;
							if((E00494F40(_t318) & 0x000000ff) == 0) {
								_v1292 = E0041D530( &_v68);
								_v64 =  *((intOrPtr*)( *((intOrPtr*)( *_v1292 + 0xc))))(_v1292, L".html", 0, 1,  &_v72);
							} else {
								_v1288 = E0041D530( &_v68);
								_t208 =  *((intOrPtr*)( *((intOrPtr*)( *_v1288 + 0xc))))(_v1288, L"http", 0, 1,  &_v72); // executed
								_v64 = _t208;
							}
							if(_v64 >= 0 && _v72 != 0) {
								E00417910(_v72, E00434050( &_v1169));
								_v8 = 3;
								E004181D0( &_v60,  &_v1168);
								_v8 = 2;
								E004176E0();
								__imp__CoTaskMemFree(_v72);
							}
						}
					}
					_v8 = 1;
					E0040D320();
					goto L10;
				}
			}



















































                                                                                                                                                                                0x004903a0
                                                                                                                                                                                0x004903a0
                                                                                                                                                                                0x004903a0
                                                                                                                                                                                0x004903a0
                                                                                                                                                                                0x004903a3
                                                                                                                                                                                0x004903a5
                                                                                                                                                                                0x004903b0
                                                                                                                                                                                0x004903b1
                                                                                                                                                                                0x004903b7
                                                                                                                                                                                0x004903bc
                                                                                                                                                                                0x004903be
                                                                                                                                                                                0x004903c1
                                                                                                                                                                                0x004903c5
                                                                                                                                                                                0x004903cb
                                                                                                                                                                                0x004903d4
                                                                                                                                                                                0x004903d9
                                                                                                                                                                                0x004903ea
                                                                                                                                                                                0x004903f9
                                                                                                                                                                                0x0049040d
                                                                                                                                                                                0x00490412
                                                                                                                                                                                0x00490420
                                                                                                                                                                                0x00490538
                                                                                                                                                                                0x00490545
                                                                                                                                                                                0x00490567
                                                                                                                                                                                0x0049056e
                                                                                                                                                                                0x00490583
                                                                                                                                                                                0x00490588
                                                                                                                                                                                0x0049058b
                                                                                                                                                                                0x004905b2
                                                                                                                                                                                0x004905cd
                                                                                                                                                                                0x004905d2
                                                                                                                                                                                0x004905e0
                                                                                                                                                                                0x004905e5
                                                                                                                                                                                0x004905ef
                                                                                                                                                                                0x004905ef
                                                                                                                                                                                0x004905f7
                                                                                                                                                                                0x004905f7
                                                                                                                                                                                0x00490609
                                                                                                                                                                                0x0049083b
                                                                                                                                                                                0x00490841
                                                                                                                                                                                0x0049084b
                                                                                                                                                                                0x00490850
                                                                                                                                                                                0x00490856
                                                                                                                                                                                0x0049085d
                                                                                                                                                                                0x00490862
                                                                                                                                                                                0x0049086c
                                                                                                                                                                                0x0049087a
                                                                                                                                                                                0x00490882
                                                                                                                                                                                0x00490885
                                                                                                                                                                                0x0049088f
                                                                                                                                                                                0x0049060f
                                                                                                                                                                                0x00490617
                                                                                                                                                                                0x0049062f
                                                                                                                                                                                0x00490636
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049063c
                                                                                                                                                                                0x00490643
                                                                                                                                                                                0x00490658
                                                                                                                                                                                0x00490660
                                                                                                                                                                                0x00490680
                                                                                                                                                                                0x00490688
                                                                                                                                                                                0x00490699
                                                                                                                                                                                0x0049069e
                                                                                                                                                                                0x004906a1
                                                                                                                                                                                0x004906ae
                                                                                                                                                                                0x004906bc
                                                                                                                                                                                0x004906c1
                                                                                                                                                                                0x004906c4
                                                                                                                                                                                0x004906c4
                                                                                                                                                                                0x004906d1
                                                                                                                                                                                0x004906db
                                                                                                                                                                                0x004906db
                                                                                                                                                                                0x004906f1
                                                                                                                                                                                0x0049070f
                                                                                                                                                                                0x0049071c
                                                                                                                                                                                0x004907aa
                                                                                                                                                                                0x004907aa
                                                                                                                                                                                0x004907ae
                                                                                                                                                                                0x004907b6
                                                                                                                                                                                0x004907b8
                                                                                                                                                                                0x004907c0
                                                                                                                                                                                0x004907c8
                                                                                                                                                                                0x004907ca
                                                                                                                                                                                0x004907d4
                                                                                                                                                                                0x004907d7
                                                                                                                                                                                0x004907d7
                                                                                                                                                                                0x004907e3
                                                                                                                                                                                0x004907e6
                                                                                                                                                                                0x004907e6
                                                                                                                                                                                0x004907b8
                                                                                                                                                                                0x004907f1
                                                                                                                                                                                0x00490803
                                                                                                                                                                                0x00490814
                                                                                                                                                                                0x00490819
                                                                                                                                                                                0x00490827
                                                                                                                                                                                0x0049082c
                                                                                                                                                                                0x00490836
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00490722
                                                                                                                                                                                0x0049072a
                                                                                                                                                                                0x00490736
                                                                                                                                                                                0x0049074d
                                                                                                                                                                                0x00490747
                                                                                                                                                                                0x00490747
                                                                                                                                                                                0x00490766
                                                                                                                                                                                0x00490768
                                                                                                                                                                                0x00490783
                                                                                                                                                                                0x00490788
                                                                                                                                                                                0x00490796
                                                                                                                                                                                0x0049079b
                                                                                                                                                                                0x004907a5
                                                                                                                                                                                0x004907a5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00490768
                                                                                                                                                                                0x0049071c
                                                                                                                                                                                0x00490426
                                                                                                                                                                                0x00490429
                                                                                                                                                                                0x0049042e
                                                                                                                                                                                0x0049043e
                                                                                                                                                                                0x00490443
                                                                                                                                                                                0x0049044a
                                                                                                                                                                                0x00490453
                                                                                                                                                                                0x00490458
                                                                                                                                                                                0x0049045a
                                                                                                                                                                                0x00490460
                                                                                                                                                                                0x00490471
                                                                                                                                                                                0x004904af
                                                                                                                                                                                0x004904d6
                                                                                                                                                                                0x00490473
                                                                                                                                                                                0x0049047b
                                                                                                                                                                                0x004904a0
                                                                                                                                                                                0x004904a2
                                                                                                                                                                                0x004904a2
                                                                                                                                                                                0x004904dd
                                                                                                                                                                                0x004904fb
                                                                                                                                                                                0x00490500
                                                                                                                                                                                0x0049050e
                                                                                                                                                                                0x00490513
                                                                                                                                                                                0x0049051d
                                                                                                                                                                                0x00490526
                                                                                                                                                                                0x00490526
                                                                                                                                                                                0x004904dd
                                                                                                                                                                                0x0049045a
                                                                                                                                                                                0x0049052c
                                                                                                                                                                                0x00490533
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00490533

                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004903D4
                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,00000000), ref: 00490526
                                                                                                                                                                                • _memset.LIBCMT ref: 00490583
                                                                                                                                                                                • _memset.LIBCMT ref: 00490658
                                                                                                                                                                                  • Part of subcall function 00443050: CoCreateInstance.OLE32(000000FF,00000000,000000FF,0053D3B4,554C9AD9,?,?,00490443,0051BAFC,00000000,00000017,00000000,00000000,000000FF,00000000,000000FF), ref: 0044306C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memset$CreateFreeInstanceIterator_baseIterator_base::_Taskstd::_
                                                                                                                                                                                • String ID: "%1"$.html$.html$\shell\open\command$bI$http
                                                                                                                                                                                • API String ID: 2934898464-3068258827
                                                                                                                                                                                • Opcode ID: 1ee6acc8308ef5bbf25e11b502ac4752b9842d3a1b8f0261bc2eaf2ace9b284c
                                                                                                                                                                                • Instruction ID: a00b38a2294e0f63c61b35cacd2b43a42522c649960b94876aacb899d072ca9d
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ee6acc8308ef5bbf25e11b502ac4752b9842d3a1b8f0261bc2eaf2ace9b284c
                                                                                                                                                                                • Instruction Fuzzy Hash: 8AD1A3B0900218AEDF14DF55CD91BEEB774AF54308F0040AEE606671D2EB786E89CF59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00491FB0, Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 278COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                			E00491FB0(void* __ebx, intOrPtr __ecx, struct HWND__* __edx, void* __edi, void* __esi, struct HWND__** _a4) {
				struct HWND__* _v8;
				char _v16;
				struct HWND__* _v20;
				signed int _v21;
				signed int _v28;
				void* _v60;
				char _v72;
				short _v592;
				char _v596;
				void* _v632;
				struct HWND__* _v636;
				char _v668;
				char _v669;
				char _v680;
				void* _v716;
				char _v720;
				char _v752;
				char _v753;
				char _v764;
				void* _v800;
				char _v804;
				char _v836;
				char _v837;
				char _v848;
				void* _v884;
				int _v888;
				char _v920;
				char _v921;
				char _v932;
				void* _v968;
				int _v972;
				char _v1004;
				char _v1005;
				char _v1016;
				char _v1017;
				char _v1052;
				char _v1053;
				char _v1060;
				char _v1064;
				struct HWND__* _v1068;
				intOrPtr _v1072;
				intOrPtr _v1076;
				intOrPtr _v1080;
				intOrPtr _v1084;
				intOrPtr _v1088;
				intOrPtr _v1092;
				intOrPtr _v1096;
				intOrPtr _v1100;
				intOrPtr _v1104;
				intOrPtr _v1108;
				intOrPtr _v1112;
				signed int _t141;
				signed int _t142;
				struct HWND__* _t189;
				signed int _t191;
				struct HWND__* _t192;
				signed int _t195;
				signed char _t204;
				void* _t207;
				struct HWND__* _t271;
				void* _t284;
				void* _t285;
				signed int _t286;

				_t285 = __esi;
				_t284 = __edi;
				_t271 = __edx;
				_t207 = __ebx;
				_push(0xffffffff);
				_push(0x51140b);
				_push( *[fs:0x0]);
				_t141 =  *0x561244; // 0x554c9ad9
				_t142 = _t141 ^ _t286;
				_v28 = _t142;
				_push(_t142);
				 *[fs:0x0] =  &_v16;
				_v1072 = __ecx;
				if( *0x5bc5fc == 0xfffffffe) {
					 *0x5bc5fc = 0xffffffff;
					E00433E30( &_v72);
					_v8 = 0;
					E00413100( &_v596);
					_v636 = 0;
					E00417910(L"IEFrame", E00434050( &_v669));
					_v8 = 1;
					_v1076 = E00433FC0( &_v668,  &_v636);
					_v1080 = _v1076;
					_v8 = 2;
					E00432780( &_v72, __eflags,  &_v680, _v1080);
					_v8 = 1;
					E00443640();
					_v8 = 0;
					E004176E0();
					_v720 = 1;
					E00417910(L"MozillaWindowClass", E00434050( &_v753));
					_v8 = 3;
					_v1084 = E00433FC0( &_v752,  &_v720);
					_v1088 = _v1084;
					_v8 = 4;
					E00432780( &_v72, __eflags,  &_v764, _v1088);
					_v8 = 3;
					E00443640();
					_v8 = 0;
					E004176E0();
					_v804 = 1;
					E00417910(L"MozillaUIWindowClass", E00434050( &_v837));
					_v8 = 5;
					_v1092 = E00433FC0( &_v836,  &_v804);
					_v1096 = _v1092;
					_v8 = 6;
					E00432780( &_v72, __eflags,  &_v848, _v1096);
					_v8 = 5;
					E00443640();
					_v8 = 0;
					E004176E0();
					_v888 = 2;
					E00417910(L"Chrome_WidgetWin_0", E00434050( &_v921));
					_v8 = 7;
					_v1100 = E00433FC0( &_v920,  &_v888);
					_v1104 = _v1100;
					_v8 = 8;
					E00432780( &_v72, __eflags,  &_v932, _v1104);
					_v8 = 7;
					E00443640();
					_v8 = 0;
					E004176E0();
					_v972 = 2;
					E00417910(L"Chrome_WidgetWin_1", E00434050( &_v1005));
					_v8 = 9;
					_v1108 = E00433FC0( &_v1004,  &_v972);
					_v1112 = _v1108;
					_v8 = 0xa;
					E00432780( &_v72, __eflags,  &_v1016, _v1112);
					_v8 = 9;
					E00443640();
					_v8 = 0;
					E004176E0();
					_v21 = 0;
					_v20 = 0;
					E004175C0(E00434050( &_v1017));
					_v8 = 0xb;
					while(1) {
						__eflags = _v21 & 0x000000ff;
						if((_v21 & 0x000000ff) != 0) {
							break;
						}
						__eflags = _v20;
						if(_v20 != 0) {
							_v20 = GetWindow(_v20, 2);
						} else {
							_v20 = GetTopWindow(0);
						}
						__eflags = _v20;
						if(_v20 != 0) {
							_t195 = GetClassNameW(_v20,  &_v592, 0x104);
							__eflags = _t195;
							if(_t195 <= 0) {
								goto L14;
							}
							E00417910( &_v592, E00434050( &_v1053));
							_v8 = 0xc;
							_v596 =  *((intOrPtr*)(E00434AA0( &_v72, __eflags,  &_v1060,  &_v1052)));
							_v8 = 0xb;
							E004176E0();
							_t204 = E00434020( &_v596, __eflags, E00407DE0( &_v72,  &_v1064));
							__eflags = _t204 & 0x000000ff;
							if((_t204 & 0x000000ff) == 0) {
								goto L14;
							}
							__eflags = _a4;
							if(_a4 != 0) {
								 *_a4 = _v20;
							}
							 *0x5bc5fc =  *(E0043D840( &_v596) + 0x20);
							_v21 = 1;
							break;
						} else {
							_v21 = 1;
							L14:
							continue;
						}
					}
					__eflags =  *0x5bc5fc - 0xffffffff;
					if( *0x5bc5fc == 0xffffffff) {
						_t191 = E00490170(_v1072, 0x30, 1);
						__eflags = _t191;
						if(_t191 != 0) {
							_t192 = E00491620(_v1072); // executed
							 *0x5bc5fc = _t192;
						}
					}
					_t271 =  *0x5bc5fc; // 0x0
					_v1068 = _t271;
					_v8 = 0;
					E004176E0();
					_v8 = 0xffffffff;
					E004326D0();
					_t189 = _v1068;
					L19:
					 *[fs:0x0] = _v16;
					return E0044F6C8(_t189, _t207, _v28 ^ _t286, _t271, _t284, _t285);
				}
				_t189 =  *0x5bc5fc; // 0x0
				goto L19;
			}


































































                                                                                                                                                                                0x00491fb0
                                                                                                                                                                                0x00491fb0
                                                                                                                                                                                0x00491fb0
                                                                                                                                                                                0x00491fb0
                                                                                                                                                                                0x00491fb3
                                                                                                                                                                                0x00491fb5
                                                                                                                                                                                0x00491fc0
                                                                                                                                                                                0x00491fc7
                                                                                                                                                                                0x00491fcc
                                                                                                                                                                                0x00491fce
                                                                                                                                                                                0x00491fd1
                                                                                                                                                                                0x00491fd5
                                                                                                                                                                                0x00491fdb
                                                                                                                                                                                0x00491fe8
                                                                                                                                                                                0x00491ff4
                                                                                                                                                                                0x00492001
                                                                                                                                                                                0x00492006
                                                                                                                                                                                0x00492013
                                                                                                                                                                                0x00492018
                                                                                                                                                                                0x00492039
                                                                                                                                                                                0x0049203e
                                                                                                                                                                                0x0049205b
                                                                                                                                                                                0x00492067
                                                                                                                                                                                0x0049206d
                                                                                                                                                                                0x00492082
                                                                                                                                                                                0x00492087
                                                                                                                                                                                0x00492091
                                                                                                                                                                                0x00492096
                                                                                                                                                                                0x004920a0
                                                                                                                                                                                0x004920a5
                                                                                                                                                                                0x004920c6
                                                                                                                                                                                0x004920cb
                                                                                                                                                                                0x004920e8
                                                                                                                                                                                0x004920f4
                                                                                                                                                                                0x004920fa
                                                                                                                                                                                0x0049210f
                                                                                                                                                                                0x00492114
                                                                                                                                                                                0x0049211e
                                                                                                                                                                                0x00492123
                                                                                                                                                                                0x0049212d
                                                                                                                                                                                0x00492132
                                                                                                                                                                                0x00492153
                                                                                                                                                                                0x00492158
                                                                                                                                                                                0x00492175
                                                                                                                                                                                0x00492181
                                                                                                                                                                                0x00492187
                                                                                                                                                                                0x0049219c
                                                                                                                                                                                0x004921a1
                                                                                                                                                                                0x004921ab
                                                                                                                                                                                0x004921b0
                                                                                                                                                                                0x004921ba
                                                                                                                                                                                0x004921bf
                                                                                                                                                                                0x004921e0
                                                                                                                                                                                0x004921e5
                                                                                                                                                                                0x00492202
                                                                                                                                                                                0x0049220e
                                                                                                                                                                                0x00492214
                                                                                                                                                                                0x00492229
                                                                                                                                                                                0x0049222e
                                                                                                                                                                                0x00492238
                                                                                                                                                                                0x0049223d
                                                                                                                                                                                0x00492247
                                                                                                                                                                                0x0049224c
                                                                                                                                                                                0x0049226d
                                                                                                                                                                                0x00492272
                                                                                                                                                                                0x0049228f
                                                                                                                                                                                0x0049229b
                                                                                                                                                                                0x004922a1
                                                                                                                                                                                0x004922b6
                                                                                                                                                                                0x004922bb
                                                                                                                                                                                0x004922c5
                                                                                                                                                                                0x004922ca
                                                                                                                                                                                0x004922d4
                                                                                                                                                                                0x004922d9
                                                                                                                                                                                0x004922dd
                                                                                                                                                                                0x004922f3
                                                                                                                                                                                0x004922f8
                                                                                                                                                                                0x004922fc
                                                                                                                                                                                0x00492300
                                                                                                                                                                                0x00492302
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00492308
                                                                                                                                                                                0x0049230c
                                                                                                                                                                                0x00492327
                                                                                                                                                                                0x0049230e
                                                                                                                                                                                0x00492316
                                                                                                                                                                                0x00492316
                                                                                                                                                                                0x0049232a
                                                                                                                                                                                0x0049232e
                                                                                                                                                                                0x00492349
                                                                                                                                                                                0x0049234f
                                                                                                                                                                                0x00492351
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00492370
                                                                                                                                                                                0x00492375
                                                                                                                                                                                0x00492391
                                                                                                                                                                                0x00492397
                                                                                                                                                                                0x004923a1
                                                                                                                                                                                0x004923bc
                                                                                                                                                                                0x004923c4
                                                                                                                                                                                0x004923c6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004923c8
                                                                                                                                                                                0x004923cc
                                                                                                                                                                                0x004923d4
                                                                                                                                                                                0x004923d4
                                                                                                                                                                                0x004923e4
                                                                                                                                                                                0x004923ea
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00492330
                                                                                                                                                                                0x00492330
                                                                                                                                                                                0x004923f0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004923f0
                                                                                                                                                                                0x0049232e
                                                                                                                                                                                0x004923f5
                                                                                                                                                                                0x004923fc
                                                                                                                                                                                0x00492408
                                                                                                                                                                                0x0049240d
                                                                                                                                                                                0x0049240f
                                                                                                                                                                                0x00492417
                                                                                                                                                                                0x0049241c
                                                                                                                                                                                0x0049241c
                                                                                                                                                                                0x0049240f
                                                                                                                                                                                0x00492421
                                                                                                                                                                                0x00492427
                                                                                                                                                                                0x0049242d
                                                                                                                                                                                0x00492434
                                                                                                                                                                                0x00492439
                                                                                                                                                                                0x00492443
                                                                                                                                                                                0x00492448
                                                                                                                                                                                0x0049244e
                                                                                                                                                                                0x00492451
                                                                                                                                                                                0x00492466
                                                                                                                                                                                0x00492466
                                                                                                                                                                                0x00491fea
                                                                                                                                                                                0x00000000

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Chrome_WidgetWin_0$Chrome_WidgetWin_1$IEFrame$MozillaUIWindowClass$MozillaWindowClass
                                                                                                                                                                                • API String ID: 0-1325454669
                                                                                                                                                                                • Opcode ID: 56bc0ef8441170afd3c74fe172dbffb336c7b668260a42a696f542b6c1fb72ae
                                                                                                                                                                                • Instruction ID: 068bcbba74f8fad60f21ca895231b3698f7e5d6b81cf0523b8161fadf405f3c8
                                                                                                                                                                                • Opcode Fuzzy Hash: 56bc0ef8441170afd3c74fe172dbffb336c7b668260a42a696f542b6c1fb72ae
                                                                                                                                                                                • Instruction Fuzzy Hash: 98D17BB0904258DBDB25DB64CD95BEEBB78AF14304F1041EEE10967291DB782F88CF99
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004908A0, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 147COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 802 4908a0-4908de GetTickCount 803 4908e0-4908f2 802->803 804 490902-490940 call 434050 call 4175c0 call 434050 call 4175c0 802->804 803->804 805 4908f4-4908fd 803->805 817 49094d-49095d call 4903a0 804->817 818 490942-490948 call 405140 804->818 807 490ab3-490acb call 44f6c8 805->807 821 490962-490967 817->821 818->817 822 490a89-490aad call 4176e0 * 2 821->822 823 49096d-490971 821->823 822->807 824 49097a-4909b3 call 416a30 call 45508b call 452266 823->824 825 490973 823->825 824->822 836 4909b9-4909de call 455a52 call 4522f9 824->836 825->824 841 4909e9-4909ff call 4522f9 836->841 842 4909e0-4909e7 836->842 848 490a0a-490a20 call 4522f9 841->848 849 490a01-490a08 841->849 843 490a29-490a2d 842->843 846 490a2f-490a6f call 434050 call 417910 call 4181d0 call 4176e0 843->846 847 490a71-490a86 843->847 846->822 847->822 848->843 856 490a22 848->856 849->843 856->843
                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                			E004908A0(void* __ebx, signed int __ecx, void* __edi, void* __esi, signed int _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v52;
				char _v80;
				char _v84;
				char _v88;
				long _v92;
				char _v608;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1156;
				char _v1157;
				intOrPtr _v1164;
				signed int _v1168;
				signed int _t61;
				signed int _t62;
				signed char _t70;
				intOrPtr _t73;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				void* _t93;
				void* _t123;
				void* _t124;
				signed int _t125;

				_t124 = __esi;
				_t123 = __edi;
				_t93 = __ebx;
				_push(0xffffffff);
				_push(0x50ab4d);
				_push( *[fs:0x0]);
				_t61 =  *0x561244; // 0x554c9ad9
				_t62 = _t61 ^ _t125;
				_v20 = _t62;
				_push(_t62);
				 *[fs:0x0] =  &_v16;
				_v1168 = __ecx;
				_v92 = GetTickCount();
				if(_a4 != 0 || _v92 -  *((intOrPtr*)(_v1168 + 0x20)) >= 0xbb8) {
					_v88 = 0xffffffff;
					E004175C0(E00434050( &_v1121));
					_v8 = 0;
					E004175C0(E00434050( &_v1122));
					_v8 = 1;
					__eflags = _a4;
					if(__eflags != 0) {
						__eflags = _a4 + 4;
						E00405140(_a4 + 4);
					}
					_t70 = E004903A0(_t93, _v1168, _t123, _t124, __eflags,  &_v84,  &_v52, 0); // executed
					_t121 = _t70 & 0x000000ff;
					__eflags = _t70 & 0x000000ff;
					if((_t70 & 0x000000ff) != 0) {
						__eflags = _a4;
						if(_a4 == 0) {
							_v88 = 0;
						}
						E0045508B(E00416A30( &_v80), 0, 0,  &_v608,  &_v1120);
						_t121 =  &_v1120;
						_t78 = E00452266( &_v1120,  &_v1120, L".exe");
						__eflags = _t78;
						if(_t78 == 0) {
							E00455A52( &_v1120, _t123,  &_v608);
							_t81 = E004522F9( &_v608, L"iexplore");
							__eflags = _t81;
							if(_t81 != 0) {
								_t82 = E004522F9( &_v608, L"firefox");
								__eflags = _t82;
								if(_t82 != 0) {
									_t84 = E004522F9( &_v608, L"chrome");
									__eflags = _t84;
									if(_t84 == 0) {
										_v88 = 2;
									}
								} else {
									_v88 = 1;
								}
							} else {
								_v88 = 0;
							}
							__eflags = _a4;
							if(_a4 == 0) {
								 *((intOrPtr*)(_v1168 + 0x24)) = _v88;
								_t121 = _v1168;
								 *((intOrPtr*)(_v1168 + 0x20)) = _v92;
							} else {
								E00417910( &_v608, E00434050( &_v1157));
								_v8 = 2;
								_t121 =  &_v1156;
								E004181D0(_a4,  &_v1156);
								_v8 = 1;
								E004176E0();
							}
						}
					}
					_v1164 = _v88;
					_v8 = 0;
					E004176E0();
					_v8 = 0xffffffff;
					E004176E0();
					_t73 = _v1164;
				} else {
					_t121 = _v1168;
					_t73 =  *((intOrPtr*)(_v1168 + 0x24));
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t73, _t93, _v20 ^ _t125, _t121, _t123, _t124);
			}































                                                                                                                                                                                0x004908a0
                                                                                                                                                                                0x004908a0
                                                                                                                                                                                0x004908a0
                                                                                                                                                                                0x004908a3
                                                                                                                                                                                0x004908a5
                                                                                                                                                                                0x004908b0
                                                                                                                                                                                0x004908b7
                                                                                                                                                                                0x004908bc
                                                                                                                                                                                0x004908be
                                                                                                                                                                                0x004908c1
                                                                                                                                                                                0x004908c5
                                                                                                                                                                                0x004908cb
                                                                                                                                                                                0x004908d7
                                                                                                                                                                                0x004908de
                                                                                                                                                                                0x00490902
                                                                                                                                                                                0x00490918
                                                                                                                                                                                0x0049091d
                                                                                                                                                                                0x00490933
                                                                                                                                                                                0x00490938
                                                                                                                                                                                0x0049093c
                                                                                                                                                                                0x00490940
                                                                                                                                                                                0x00490945
                                                                                                                                                                                0x00490948
                                                                                                                                                                                0x00490948
                                                                                                                                                                                0x0049095d
                                                                                                                                                                                0x00490962
                                                                                                                                                                                0x00490965
                                                                                                                                                                                0x00490967
                                                                                                                                                                                0x0049096d
                                                                                                                                                                                0x00490971
                                                                                                                                                                                0x00490973
                                                                                                                                                                                0x00490973
                                                                                                                                                                                0x00490995
                                                                                                                                                                                0x004909a2
                                                                                                                                                                                0x004909a9
                                                                                                                                                                                0x004909b1
                                                                                                                                                                                0x004909b3
                                                                                                                                                                                0x004909c0
                                                                                                                                                                                0x004909d4
                                                                                                                                                                                0x004909dc
                                                                                                                                                                                0x004909de
                                                                                                                                                                                0x004909f5
                                                                                                                                                                                0x004909fd
                                                                                                                                                                                0x004909ff
                                                                                                                                                                                0x00490a16
                                                                                                                                                                                0x00490a1e
                                                                                                                                                                                0x00490a20
                                                                                                                                                                                0x00490a22
                                                                                                                                                                                0x00490a22
                                                                                                                                                                                0x00490a01
                                                                                                                                                                                0x00490a01
                                                                                                                                                                                0x00490a01
                                                                                                                                                                                0x004909e0
                                                                                                                                                                                0x004909e0
                                                                                                                                                                                0x004909e0
                                                                                                                                                                                0x00490a29
                                                                                                                                                                                0x00490a2d
                                                                                                                                                                                0x00490a7a
                                                                                                                                                                                0x00490a7d
                                                                                                                                                                                0x00490a86
                                                                                                                                                                                0x00490a2f
                                                                                                                                                                                0x00490a48
                                                                                                                                                                                0x00490a4d
                                                                                                                                                                                0x00490a51
                                                                                                                                                                                0x00490a5b
                                                                                                                                                                                0x00490a60
                                                                                                                                                                                0x00490a6a
                                                                                                                                                                                0x00490a6a
                                                                                                                                                                                0x00490a2d
                                                                                                                                                                                0x004909b3
                                                                                                                                                                                0x00490a8c
                                                                                                                                                                                0x00490a92
                                                                                                                                                                                0x00490a99
                                                                                                                                                                                0x00490a9e
                                                                                                                                                                                0x00490aa8
                                                                                                                                                                                0x00490aad
                                                                                                                                                                                0x004908f4
                                                                                                                                                                                0x004908f4
                                                                                                                                                                                0x004908fa
                                                                                                                                                                                0x004908fa
                                                                                                                                                                                0x00490ab6
                                                                                                                                                                                0x00490acb

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick__wcsicoll__wcslwr__wsplitpath
                                                                                                                                                                                • String ID: .exe$chrome$firefox$iexplore
                                                                                                                                                                                • API String ID: 2438297081-2896129864
                                                                                                                                                                                • Opcode ID: cf8e94bc8ea0cae666e0ef0f4f3d3d65c5c84e9bf9cfdba511dce628c4587b28
                                                                                                                                                                                • Instruction ID: 37f3a4782168a7ba4b219689af37ff2fec423a0874b7ec890f9b0939c7c311b7
                                                                                                                                                                                • Opcode Fuzzy Hash: cf8e94bc8ea0cae666e0ef0f4f3d3d65c5c84e9bf9cfdba511dce628c4587b28
                                                                                                                                                                                • Instruction Fuzzy Hash: 265173B19102189FDF14DF95CD85BEEBBB4BF14304F1085AEE50667281EB786A48CF98
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004D22E0, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                			E004D22E0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v150;
				short _v152;
				char _v180;
				void* _v184;
				char _v212;
				char _v216;
				char _v220;
				char _v221;
				char _v252;
				char _v284;
				char _v285;
				intOrPtr _v292;
				char _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				signed int _t52;
				signed int _t53;
				long _t65;
				signed char _t66;
				void* _t69;
				void* _t83;
				void* _t116;
				void* _t117;
				signed int _t118;

				_t117 = __esi;
				_t116 = __edi;
				_t83 = __ebx;
				_push(0xffffffff);
				_push(0x50c1e1);
				_push( *[fs:0x0]);
				_t52 =  *0x561244; // 0x554c9ad9
				_t53 = _t52 ^ _t118;
				_v20 = _t53;
				_push(_t53);
				 *[fs:0x0] =  &_v16;
				_v220 = 4;
				E004175C0(E00434050( &_v221));
				_v8 = 0;
				if(0x5bdf4c == 0) {
					_v296 = 0;
				} else {
					_v296 = 0x5bdf50;
				}
				_v300 = E004098D0( &_v252, _v296, L"TBConfig.inf");
				_v304 = _v300;
				_v8 = 1;
				E00409810(_v304);
				_v8 = 3;
				E004178C0( &_v252);
				_v152 = 0;
				E00451D90(_t116,  &_v150, 0, 0x7e);
				_t65 = GetPrivateProfileStringW(L"toolbar", L"name", 0x534670,  &_v152, 0x40, E00416A30( &_v180)); // executed
				if(_t65 != 0) {
					E00417910( &_v152, E00434050( &_v285));
					_v8 = 4;
					E004181D0( &_v216,  &_v284);
					_v8 = 3;
					E004176E0();
				}
				_t66 = E00416630( &_v212);
				_t126 = _t66 & 0x000000ff;
				if((_t66 & 0x000000ff) != 0) {
					E004160E0(E004D1B70( &_v212, 0xe),  &_v216, 1);
				}
				if(E00425A20(_t83,  &_v212, _t116, _t117, _t126, 0, 4, L"mntr") != 0) {
					__eflags = E00425A20(_t83,  &_v212, _t116, _t117, __eflags, 0, 4, L"bstl");
					if(__eflags != 0) {
						_t69 = E00425A20(_t83,  &_v212, _t116, _t117, __eflags, 0, 4, L"cndt");
						__eflags = _t69;
						if(_t69 == 0) {
							_v220 = 3;
						}
					} else {
						_v220 = 2;
					}
				} else {
					_v220 = 1;
				}
				if(_a4 != 0) {
					E004181D0(_a4,  &_v216);
				}
				_v292 = _v220;
				_v8 = 0;
				E004176E0();
				_v8 = 0xffffffff;
				E004176E0();
				 *[fs:0x0] = _v16;
				return E0044F6C8(_v292, _t83, _v20 ^ _t118, _v220, _t116, _t117);
			}






























                                                                                                                                                                                0x004d22e0
                                                                                                                                                                                0x004d22e0
                                                                                                                                                                                0x004d22e0
                                                                                                                                                                                0x004d22e3
                                                                                                                                                                                0x004d22e5
                                                                                                                                                                                0x004d22f0
                                                                                                                                                                                0x004d22f7
                                                                                                                                                                                0x004d22fc
                                                                                                                                                                                0x004d22fe
                                                                                                                                                                                0x004d2301
                                                                                                                                                                                0x004d2305
                                                                                                                                                                                0x004d230b
                                                                                                                                                                                0x004d2327
                                                                                                                                                                                0x004d232c
                                                                                                                                                                                0x004d233a
                                                                                                                                                                                0x004d234c
                                                                                                                                                                                0x004d233c
                                                                                                                                                                                0x004d2344
                                                                                                                                                                                0x004d2344
                                                                                                                                                                                0x004d2371
                                                                                                                                                                                0x004d237d
                                                                                                                                                                                0x004d2383
                                                                                                                                                                                0x004d2394
                                                                                                                                                                                0x004d2399
                                                                                                                                                                                0x004d23a3
                                                                                                                                                                                0x004d23aa
                                                                                                                                                                                0x004d23bc
                                                                                                                                                                                0x004d23e8
                                                                                                                                                                                0x004d23f0
                                                                                                                                                                                0x004d240b
                                                                                                                                                                                0x004d2410
                                                                                                                                                                                0x004d2421
                                                                                                                                                                                0x004d2426
                                                                                                                                                                                0x004d2430
                                                                                                                                                                                0x004d2430
                                                                                                                                                                                0x004d243b
                                                                                                                                                                                0x004d2443
                                                                                                                                                                                0x004d2445
                                                                                                                                                                                0x004d245c
                                                                                                                                                                                0x004d245c
                                                                                                                                                                                0x004d2477
                                                                                                                                                                                0x004d2499
                                                                                                                                                                                0x004d249b
                                                                                                                                                                                0x004d24b8
                                                                                                                                                                                0x004d24bd
                                                                                                                                                                                0x004d24bf
                                                                                                                                                                                0x004d24c1
                                                                                                                                                                                0x004d24c1
                                                                                                                                                                                0x004d249d
                                                                                                                                                                                0x004d249d
                                                                                                                                                                                0x004d249d
                                                                                                                                                                                0x004d2479
                                                                                                                                                                                0x004d2479
                                                                                                                                                                                0x004d2479
                                                                                                                                                                                0x004d24cf
                                                                                                                                                                                0x004d24db
                                                                                                                                                                                0x004d24db
                                                                                                                                                                                0x004d24e6
                                                                                                                                                                                0x004d24ec
                                                                                                                                                                                0x004d24f6
                                                                                                                                                                                0x004d24fb
                                                                                                                                                                                0x004d2508
                                                                                                                                                                                0x004d2516
                                                                                                                                                                                0x004d252b

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileString_memset
                                                                                                                                                                                • String ID: TBConfig.inf$bstl$cndt$mntr$name$toolbar
                                                                                                                                                                                • API String ID: 52020338-616969326
                                                                                                                                                                                • Opcode ID: 9b17034faa8acb1e13858c988e952c5f8bf80c987a006225bf90631542978feb
                                                                                                                                                                                • Instruction ID: 179ce378cb9408fc47fb286d9aad18257402b0420dcce1f1aa30694a285b3d12
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b17034faa8acb1e13858c988e952c5f8bf80c987a006225bf90631542978feb
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C513170A002189ADB24DF65DD52BEEB774AF54304F0041DBE609B62C1EF786B88CF59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00496160, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 110COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 62%
                                                                                                                                                                                			E00496160(void* __ebx, void* __edi, void* __esi, void* __eflags, long _a4, intOrPtr _a8) {
				int _v8;
				char _v16;
				void* _v20;
				signed int _v24;
				char _v542;
				char _v544;
				int _v548;
				int _v552;
				char _v584;
				char _v585;
				char _v620;
				char _v621;
				signed int _t39;
				signed int _t40;
				short _t42;
				void* _t50;
				void* _t52;
				void* _t62;
				void* _t86;
				signed int _t87;

				_t86 = __esi;
				_t85 = __edi;
				_t62 = __ebx;
				_push(0xffffffff);
				_push(0x5085e8);
				_push( *[fs:0x0]);
				_t39 =  *0x561244; // 0x554c9ad9
				_t40 = _t39 ^ _t87;
				_v24 = _t40;
				_push(_t40);
				 *[fs:0x0] =  &_v16;
				_t42 =  *0x52a818; // 0x0
				_v544 = _t42;
				E00451D90(__edi,  &_v542, 0, 0x206);
				E00417910(L"N/A", E00434050( &_v585));
				_v8 = 0;
				_t82 =  &_v584;
				E004181D0(_a8,  &_v584);
				_v8 = 0xffffffff;
				E004176E0();
				_v20 = OpenProcess(0x410, 0, _a4);
				if(_v20 == 0) {
					_t50 = 0;
				} else {
					_v548 = 0;
					_v552 = 0;
					_push( &_v552);
					_push(4);
					_push( &_v548);
					_t52 = _v20;
					_push(_t52); // executed
					L0046BBE6(); // executed
					if(_t52 == 0) {
						_push(0x104);
						_push( &_v544);
						_t82 = _v20;
						_push(_v20);
						L0046BBEC();
						if(_t52 != 0) {
							goto L5;
						} else {
							CloseHandle(_v20);
							_t50 = 0;
						}
					} else {
						_push(0x104);
						_push( &_v544);
						_push(_v548);
						_push(_v20); // executed
						L0046BBE0(); // executed
						L5:
						E00417910( &_v544, E00434050( &_v621));
						_v8 = 1;
						_t82 =  &_v620;
						E004181D0(_a8,  &_v620);
						_v8 = 0xffffffff;
						E004176E0();
						FindCloseChangeNotification(_v20); // executed
						_t50 = E0042E0C0(_a8 + 4);
					}
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t50, _t62, _v24 ^ _t87, _t82, _t85, _t86);
			}























                                                                                                                                                                                0x00496160
                                                                                                                                                                                0x00496160
                                                                                                                                                                                0x00496160
                                                                                                                                                                                0x00496163
                                                                                                                                                                                0x00496165
                                                                                                                                                                                0x00496170
                                                                                                                                                                                0x00496177
                                                                                                                                                                                0x0049617c
                                                                                                                                                                                0x0049617e
                                                                                                                                                                                0x00496181
                                                                                                                                                                                0x00496185
                                                                                                                                                                                0x0049618b
                                                                                                                                                                                0x00496191
                                                                                                                                                                                0x004961a6
                                                                                                                                                                                0x004961c5
                                                                                                                                                                                0x004961ca
                                                                                                                                                                                0x004961d1
                                                                                                                                                                                0x004961db
                                                                                                                                                                                0x004961e0
                                                                                                                                                                                0x004961ed
                                                                                                                                                                                0x00496203
                                                                                                                                                                                0x0049620a
                                                                                                                                                                                0x004962ce
                                                                                                                                                                                0x00496210
                                                                                                                                                                                0x00496210
                                                                                                                                                                                0x0049621a
                                                                                                                                                                                0x0049622a
                                                                                                                                                                                0x0049622b
                                                                                                                                                                                0x00496233
                                                                                                                                                                                0x00496234
                                                                                                                                                                                0x00496237
                                                                                                                                                                                0x00496238
                                                                                                                                                                                0x0049623f
                                                                                                                                                                                0x0049625f
                                                                                                                                                                                0x0049626a
                                                                                                                                                                                0x0049626b
                                                                                                                                                                                0x0049626e
                                                                                                                                                                                0x0049626f
                                                                                                                                                                                0x00496276
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00496278
                                                                                                                                                                                0x0049627c
                                                                                                                                                                                0x00496282
                                                                                                                                                                                0x00496282
                                                                                                                                                                                0x00496241
                                                                                                                                                                                0x00496241
                                                                                                                                                                                0x0049624c
                                                                                                                                                                                0x00496253
                                                                                                                                                                                0x00496257
                                                                                                                                                                                0x00496258
                                                                                                                                                                                0x00496286
                                                                                                                                                                                0x0049629f
                                                                                                                                                                                0x004962a4
                                                                                                                                                                                0x004962ab
                                                                                                                                                                                0x004962b5
                                                                                                                                                                                0x004962ba
                                                                                                                                                                                0x004962c7
                                                                                                                                                                                0x004962d6
                                                                                                                                                                                0x004962e2
                                                                                                                                                                                0x004962e2
                                                                                                                                                                                0x0049623f
                                                                                                                                                                                0x004962ea
                                                                                                                                                                                0x004962ff

                                                                                                                                                                                APIs
                                                                                                                                                                                • _memset.LIBCMT ref: 004961A6
                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,004E02FB,?,N/A,00000000,?,?,554C9AD9), ref: 004961FD
                                                                                                                                                                                • EnumProcessModules.PSAPI(00000000,00000000,00000004,00000000,?,?,554C9AD9), ref: 00496238
                                                                                                                                                                                • GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,554C9AD9), ref: 00496258
                                                                                                                                                                                • GetProcessImageFileNameW.PSAPI(00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,554C9AD9), ref: 0049626F
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,554C9AD9), ref: 0049627C
                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,?,?,00000000,00000000,?,00000104,00000000,00000000,00000004,00000000,?,?,554C9AD9), ref: 004962D6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CloseFileName$ChangeEnumFindHandleImageModuleModulesNotificationOpen_memset
                                                                                                                                                                                • String ID: N/A
                                                                                                                                                                                • API String ID: 2394274632-2525114547
                                                                                                                                                                                • Opcode ID: 85c87853d1502f1e7d5e0258176d7836ad069b63651bb0d7593d93534b3205e6
                                                                                                                                                                                • Instruction ID: 42d94aa43d634cfac3a89f673f245cccc0f2457812a480bc51963134419dc0f8
                                                                                                                                                                                • Opcode Fuzzy Hash: 85c87853d1502f1e7d5e0258176d7836ad069b63651bb0d7593d93534b3205e6
                                                                                                                                                                                • Instruction Fuzzy Hash: 5B41BF71900218ABDB14EFA0DC49FEEB374FF18300F0046AEB519A7190EB786A48CF58
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0048CC50, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 107COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                			E0048CC50(void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v16;
				char _v24;
				char _v28;
				signed int _v32;
				char _v94;
				char _v96;
				char _v124;
				char _v128;
				char _v129;
				signed int _v136;
				signed int _t30;
				signed int _t31;
				void* _t36;
				signed int _t47;
				signed char _t54;
				signed int _t78;

				_t77 = __esi;
				_t76 = __edi;
				_t55 = __ebx;
				_push(0xffffffff);
				_push(0x50eabb);
				_push( *[fs:0x0]);
				_t30 =  *0x561244; // 0x554c9ad9
				_t31 = _t30 ^ _t78;
				_v32 = _t31;
				_push(_t31);
				 *[fs:0x0] =  &_v16;
				if(( *0x5c3048 & 0x00000001) == 0) {
					 *0x5c3048 =  *0x5c3048 | 0x00000001;
					_v8 = 0;
					_t54 = E0048C830(__ebx, __edi, __esi,  *0x5c3048 | 0x00000001); // executed
					asm("sbb edx, edx");
					_t73 =  ~( ~(_t54 & 0x000000ff));
					 *0x5c3044 =  ~( ~(_t54 & 0x000000ff));
					_v8 = 0xffffffff;
				}
				if( *0x5c3044 <= 1) {
					E00434E30( &_v24);
					_v8 = 1;
					_t36 = E0041EEA0( &_v24, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome\\", 1); // executed
					__eflags = _t36;
					if(_t36 != 0) {
						E004175C0(E00434050( &_v129));
						_v8 = 2;
						_t73 =  &_v128;
						E0048C630(_t55, _t76, _t77, __eflags,  &_v128);
						E00427FD0(_t55, _t76, _t77, __eflags,  &_v128);
						 *0x5c3044 = E00451CBD(PathFindFileNameW(E00416A30( &_v124)), 0, 0xa);
						_v8 = 1;
						E004176E0();
					} else {
						_v96 = 0;
						E00451D90(_t76,  &_v94, 0, 0x3e);
						_v28 = 0x20;
						_t73 =  &_v28;
						E0041EDE0( &_v24, L"Version",  &_v96,  &_v28); // executed
						 *0x5c3044 = E00451CBD( &_v96, 0, 0xa);
					}
					_v136 =  *0x5c3044;
					_v8 = 0xffffffff;
					E0041EF60( &_v24);
					_t47 = _v136;
				} else {
					_t47 =  *0x5c3044;
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t47, _t55, _v32 ^ _t78, _t73, _t76, _t77);
			}




















                                                                                                                                                                                0x0048cc50
                                                                                                                                                                                0x0048cc50
                                                                                                                                                                                0x0048cc50
                                                                                                                                                                                0x0048cc53
                                                                                                                                                                                0x0048cc55
                                                                                                                                                                                0x0048cc60
                                                                                                                                                                                0x0048cc64
                                                                                                                                                                                0x0048cc69
                                                                                                                                                                                0x0048cc6b
                                                                                                                                                                                0x0048cc6e
                                                                                                                                                                                0x0048cc72
                                                                                                                                                                                0x0048cc80
                                                                                                                                                                                0x0048cc8b
                                                                                                                                                                                0x0048cc91
                                                                                                                                                                                0x0048cc98
                                                                                                                                                                                0x0048cca2
                                                                                                                                                                                0x0048cca4
                                                                                                                                                                                0x0048cca6
                                                                                                                                                                                0x0048ccac
                                                                                                                                                                                0x0048ccac
                                                                                                                                                                                0x0048ccba
                                                                                                                                                                                0x0048ccc9
                                                                                                                                                                                0x0048ccce
                                                                                                                                                                                0x0048cce4
                                                                                                                                                                                0x0048cce9
                                                                                                                                                                                0x0048cceb
                                                                                                                                                                                0x0048cd42
                                                                                                                                                                                0x0048cd47
                                                                                                                                                                                0x0048cd4b
                                                                                                                                                                                0x0048cd4f
                                                                                                                                                                                0x0048cd5b
                                                                                                                                                                                0x0048cd7f
                                                                                                                                                                                0x0048cd84
                                                                                                                                                                                0x0048cd8b
                                                                                                                                                                                0x0048cced
                                                                                                                                                                                0x0048ccef
                                                                                                                                                                                0x0048ccfb
                                                                                                                                                                                0x0048cd03
                                                                                                                                                                                0x0048cd0a
                                                                                                                                                                                0x0048cd1a
                                                                                                                                                                                0x0048cd2f
                                                                                                                                                                                0x0048cd2f
                                                                                                                                                                                0x0048cd96
                                                                                                                                                                                0x0048cd9c
                                                                                                                                                                                0x0048cda6
                                                                                                                                                                                0x0048cdab
                                                                                                                                                                                0x0048ccbc
                                                                                                                                                                                0x0048ccbc
                                                                                                                                                                                0x0048ccbc
                                                                                                                                                                                0x0048cdb4
                                                                                                                                                                                0x0048cdc9

                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0048CCC9
                                                                                                                                                                                  • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                                                • _memset.LIBCMT ref: 0048CCFB
                                                                                                                                                                                  • Part of subcall function 0041EDE0: RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,554C9AD9), ref: 0041EE1C
                                                                                                                                                                                • __wcstoi64.LIBCMT ref: 0048CD27
                                                                                                                                                                                  • Part of subcall function 00451CBD: wcstoxl.LIBCMT ref: 00451CDE
                                                                                                                                                                                • PathFindFileNameW.SHLWAPI(00000000,00000000,0000000A,?,554C9AD9), ref: 0048CD70
                                                                                                                                                                                • __wcstoi64.LIBCMT ref: 0048CD77
                                                                                                                                                                                Strings
                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\, xrefs: 0048CCD7
                                                                                                                                                                                • , xrefs: 0048CD03
                                                                                                                                                                                • Version, xrefs: 0048CD12
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __wcstoi64$FileFindIterator_baseIterator_base::_NameOpenPathQueryValue_memsetstd::_wcstoxl
                                                                                                                                                                                • String ID: $Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\$Version
                                                                                                                                                                                • API String ID: 1568900015-1727943444
                                                                                                                                                                                • Opcode ID: 0d056e1dbfceb165f736f26df462f6872810e326eaf699d6c1f84c2639e75544
                                                                                                                                                                                • Instruction ID: 835d22ece1afbabd0d8e238a4dcff697028dac8f7890ad11750f1be22d999115
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d056e1dbfceb165f736f26df462f6872810e326eaf699d6c1f84c2639e75544
                                                                                                                                                                                • Instruction Fuzzy Hash: DF41DF71D006089FCB24EBA4ED86BEDB7B4EB14704F10852EE516A72D1EB386708CB59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0047F670, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 80COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 984 47f670-47f69f 985 47f6a5-47f6ca call 434e30 call 41eea0 984->985 986 47f75a-47f75e 984->986 995 47f6cc-47f6fd call 451d90 call 41ede0 985->995 996 47f74b-47f755 call 41ef60 985->996 987 47f760-47f769 986->987 988 47f76b-47f788 call 44f6c8 986->988 987->988 1001 47f702-47f709 995->1001 996->986 1002 47f70b-47f727 call 41ede0 1001->1002 1003 47f72a-47f72e 1001->1003 1002->1003 1003->996 1005 47f730-47f748 call 452133 1003->1005 1005->996
                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                			E0047F670(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				char _v16;
				char _v24;
				char _v28;
				signed int _v32;
				char _v94;
				char _v96;
				intOrPtr _v100;
				signed int _t28;
				signed int _t29;
				intOrPtr _t31;
				void* _t34;
				short _t36;
				intOrPtr _t39;
				void* _t43;
				void* _t58;
				signed int _t59;

				_t58 = __esi;
				_t57 = __edi;
				_t43 = __ebx;
				_push(0xffffffff);
				_push(0x5059c6);
				_push( *[fs:0x0]);
				_t28 =  *0x561244; // 0x554c9ad9
				_t29 = _t28 ^ _t59;
				_v32 = _t29;
				_push(_t29);
				 *[fs:0x0] =  &_v16;
				if( *0x5c2144 == 0) {
					E00434E30( &_v24);
					_v8 = 0;
					_t34 = E0041EEA0( &_v24, 0x80000002, L"Software\\Microsoft\\Internet Explorer\\", 1); // executed
					if(_t34 == 0) {
						_t36 =  *0x5244e4; // 0x0
						_v96 = _t36;
						E00451D90(__edi,  &_v94, 0, 0x3e);
						_v28 = 0x20;
						_t56 =  &_v28;
						_t39 = E0041EDE0( &_v24, L"svcVersion",  &_v96,  &_v28); // executed
						_v100 = _t39;
						if(_v100 != 0) {
							_v28 = 0x20;
							_t56 =  &_v96;
							_v100 = E0041EDE0( &_v24, L"Version",  &_v96,  &_v28);
						}
						if(_v100 == 0) {
							_push(0x5c2148);
							E00452133( &_v96, L"%d.%d", 0x5c2144);
						}
					}
					_v8 = 0xffffffff;
					E0041EF60( &_v24);
				}
				if(_a4 != 0) {
					_t56 =  *0x5c2148; // 0x1
					 *_a4 = _t56;
				}
				_t31 =  *0x5c2144; // 0xb
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t31, _t43, _v32 ^ _t59, _t56, _t57, _t58);
			}




















                                                                                                                                                                                0x0047f670
                                                                                                                                                                                0x0047f670
                                                                                                                                                                                0x0047f670
                                                                                                                                                                                0x0047f673
                                                                                                                                                                                0x0047f675
                                                                                                                                                                                0x0047f680
                                                                                                                                                                                0x0047f684
                                                                                                                                                                                0x0047f689
                                                                                                                                                                                0x0047f68b
                                                                                                                                                                                0x0047f68e
                                                                                                                                                                                0x0047f692
                                                                                                                                                                                0x0047f69f
                                                                                                                                                                                0x0047f6a8
                                                                                                                                                                                0x0047f6ad
                                                                                                                                                                                0x0047f6c3
                                                                                                                                                                                0x0047f6ca
                                                                                                                                                                                0x0047f6cc
                                                                                                                                                                                0x0047f6d2
                                                                                                                                                                                0x0047f6de
                                                                                                                                                                                0x0047f6e6
                                                                                                                                                                                0x0047f6ed
                                                                                                                                                                                0x0047f6fd
                                                                                                                                                                                0x0047f702
                                                                                                                                                                                0x0047f709
                                                                                                                                                                                0x0047f70b
                                                                                                                                                                                0x0047f716
                                                                                                                                                                                0x0047f727
                                                                                                                                                                                0x0047f727
                                                                                                                                                                                0x0047f72e
                                                                                                                                                                                0x0047f730
                                                                                                                                                                                0x0047f743
                                                                                                                                                                                0x0047f748
                                                                                                                                                                                0x0047f72e
                                                                                                                                                                                0x0047f74b
                                                                                                                                                                                0x0047f755
                                                                                                                                                                                0x0047f755
                                                                                                                                                                                0x0047f75e
                                                                                                                                                                                0x0047f763
                                                                                                                                                                                0x0047f769
                                                                                                                                                                                0x0047f769
                                                                                                                                                                                0x0047f76b
                                                                                                                                                                                0x0047f773
                                                                                                                                                                                0x0047f788

                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0047F6A8
                                                                                                                                                                                  • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                                                • _memset.LIBCMT ref: 0047F6DE
                                                                                                                                                                                  • Part of subcall function 0041EDE0: RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,554C9AD9), ref: 0041EE1C
                                                                                                                                                                                • _swscanf.LIBCMT ref: 0047F743
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Iterator_baseIterator_base::_OpenQueryValue_memset_swscanfstd::_
                                                                                                                                                                                • String ID: $%d.%d$Software\Microsoft\Internet Explorer\$Version$svcVersion
                                                                                                                                                                                • API String ID: 1427520148-2889293724
                                                                                                                                                                                • Opcode ID: d6e4a18a42091573337230af4ee22e0c88e750f7268c64f949c79d1e53797a00
                                                                                                                                                                                • Instruction ID: a19b341dfb138a983270e55979cb8246c53d88c77a451253226e6c69376a3b92
                                                                                                                                                                                • Opcode Fuzzy Hash: d6e4a18a42091573337230af4ee22e0c88e750f7268c64f949c79d1e53797a00
                                                                                                                                                                                • Instruction Fuzzy Hash: 33316B74900208AFDB14DFA5D946FEEB774FB14704F00852EE9196B2D0E7781A49CB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00482D30, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 156COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                			E00482D30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v48;
				void* _v52;
				char _v60;
				char _v584;
				char _v588;
				char _v620;
				char _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				char _v668;
				intOrPtr _v672;
				intOrPtr _v676;
				signed int _t62;
				signed int _t63;
				intOrPtr _t67;
				void* _t75;
				signed int _t142;

				_t141 = __esi;
				_t140 = __edi;
				_t99 = __ebx;
				_push(0xffffffff);
				_push(0x50a749);
				_push( *[fs:0x0]);
				_t62 =  *0x561244; // 0x554c9ad9
				_t63 = _t62 ^ _t142;
				_v20 = _t63;
				_push(_t63);
				 *[fs:0x0] =  &_v16;
				E00434E30( &_v60);
				_v8 = 0;
				_t67 = E00482980(__ebx, __edi, __esi, __eflags,  &_v620, "LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E"); // executed
				_v656 = _t67;
				_v660 = _v656;
				_v8 = 1;
				_v664 = _v660;
				if(_v664 == 0) {
					_v668 = 0;
				} else {
					_v668 = _v664 + 4;
				}
				_t138 =  &_v648;
				_v672 = E00409760( &_v648, L"Software\\", _v668);
				_v676 = _v672;
				_v8 = 2;
				E00409810(_v676);
				_v8 = 4;
				E004178C0( &_v648);
				_v8 = 5;
				E004176E0();
				E00405140(_a4 + 4);
				_t75 = E0041EEA0( &_v60, 0x80000001, E00416A30( &_v48), 1); // executed
				if(_t75 == 0) {
					_v588 = 0x104;
					_t138 =  &_v588;
					if(E0041EDE0( &_v60, L"INSTALL_FOLDER_NAME",  &_v584,  &_v588) == 0) {
						E00495D00(_t99, _t140, _t141, 0x23, _a4, 1, 1);
						E004130A0(_t99, E004130A0(_t99, _a4 + 4, _t140, _t141,  &_v584), _t140, _t141, "\\");
						_v588 = 0x104;
						E0041EDE0( &_v60, L"version",  &_v584,  &_v588);
						_t138 =  &_v584;
						E004130A0(_t99, E004130A0(_t99, _a4 + 4, _t140, _t141,  &_v584), _t140, _t141, "\\");
						_v588 = 0x104;
						if(E0041EDE0( &_v60, L"GUID",  &_v584,  &_v588) == 0) {
							_t138 =  &_v584;
							E004130A0(_t99, E004130A0(_t99, _a4 + 4, _t140, _t141,  &_v584), _t140, _t141, "\\");
							if((E00482950(_a4) & 0x000000ff) == 0) {
								E00405140(_a4 + 4);
							}
						}
					}
				}
				_v652 = E0042E0C0(_a4 + 4);
				_v8 = 0;
				E004176E0();
				_v8 = 0xffffffff;
				E0041EF60( &_v60);
				 *[fs:0x0] = _v16;
				_t60 =  &_v20; // 0x482fe9
				return E0044F6C8(_v652, _t99,  *_t60 ^ _t142, _t138, _t140, _t141);
			}

























                                                                                                                                                                                0x00482d30
                                                                                                                                                                                0x00482d30
                                                                                                                                                                                0x00482d30
                                                                                                                                                                                0x00482d33
                                                                                                                                                                                0x00482d35
                                                                                                                                                                                0x00482d40
                                                                                                                                                                                0x00482d47
                                                                                                                                                                                0x00482d4c
                                                                                                                                                                                0x00482d4e
                                                                                                                                                                                0x00482d51
                                                                                                                                                                                0x00482d55
                                                                                                                                                                                0x00482d5e
                                                                                                                                                                                0x00482d63
                                                                                                                                                                                0x00482d76
                                                                                                                                                                                0x00482d7e
                                                                                                                                                                                0x00482d8a
                                                                                                                                                                                0x00482d90
                                                                                                                                                                                0x00482d9a
                                                                                                                                                                                0x00482da7
                                                                                                                                                                                0x00482dba
                                                                                                                                                                                0x00482da9
                                                                                                                                                                                0x00482db2
                                                                                                                                                                                0x00482db2
                                                                                                                                                                                0x00482dd0
                                                                                                                                                                                0x00482ddf
                                                                                                                                                                                0x00482deb
                                                                                                                                                                                0x00482df1
                                                                                                                                                                                0x00482dff
                                                                                                                                                                                0x00482e04
                                                                                                                                                                                0x00482e0e
                                                                                                                                                                                0x00482e13
                                                                                                                                                                                0x00482e1d
                                                                                                                                                                                0x00482e28
                                                                                                                                                                                0x00482e40
                                                                                                                                                                                0x00482e47
                                                                                                                                                                                0x00482e4d
                                                                                                                                                                                0x00482e57
                                                                                                                                                                                0x00482e74
                                                                                                                                                                                0x00482e84
                                                                                                                                                                                0x00482ea5
                                                                                                                                                                                0x00482eaa
                                                                                                                                                                                0x00482eca
                                                                                                                                                                                0x00482ed4
                                                                                                                                                                                0x00482ee8
                                                                                                                                                                                0x00482eed
                                                                                                                                                                                0x00482f14
                                                                                                                                                                                0x00482f1b
                                                                                                                                                                                0x00482f2f
                                                                                                                                                                                0x00482f45
                                                                                                                                                                                0x00482f4d
                                                                                                                                                                                0x00482f4d
                                                                                                                                                                                0x00482f45
                                                                                                                                                                                0x00482f14
                                                                                                                                                                                0x00482e74
                                                                                                                                                                                0x00482f5d
                                                                                                                                                                                0x00482f63
                                                                                                                                                                                0x00482f6a
                                                                                                                                                                                0x00482f6f
                                                                                                                                                                                0x00482f79
                                                                                                                                                                                0x00482f87
                                                                                                                                                                                0x00482f8f
                                                                                                                                                                                0x00482f9c

                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00482D5E
                                                                                                                                                                                  • Part of subcall function 00482980: __wsplitpath.LIBCMT ref: 00482A17
                                                                                                                                                                                  • Part of subcall function 00482980: PathAddBackslashW.SHLWAPI(?), ref: 00482A26
                                                                                                                                                                                  • Part of subcall function 00482980: GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00482A43
                                                                                                                                                                                  • Part of subcall function 00482980: _sprintf.LIBCMT ref: 00482A59
                                                                                                                                                                                  • Part of subcall function 00482980: _strlen.LIBCMT ref: 00482A6F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BackslashInformationIterator_baseIterator_base::_PathVolume__wsplitpath_sprintf_strlenstd::_
                                                                                                                                                                                • String ID: GUID$INSTALL_FOLDER_NAME$LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E$Software\$version$/H
                                                                                                                                                                                • API String ID: 296098145-1771210073
                                                                                                                                                                                • Opcode ID: d00cf5c9b86d2ca915c402fd39765266082f4500f2a216ee98ea4d1d2c4c8bdb
                                                                                                                                                                                • Instruction ID: a4e47fa03a4ea7bb8f9dc1b7f546aa884ffc29575824f17271174dd53e9144ec
                                                                                                                                                                                • Opcode Fuzzy Hash: d00cf5c9b86d2ca915c402fd39765266082f4500f2a216ee98ea4d1d2c4c8bdb
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B619F70900119AFDB14EF65DD9ABEDBBB4EF04308F4041AEF50967281EB746A84CF94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00495E20, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 114COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E00495E20(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				char _v24;
				signed int _v28;
				char _v56;
				void* _v60;
				char _v582;
				short _v584;
				char _v588;
				char _v589;
				char _v624;
				char _v625;
				intOrPtr _v632;
				char _v636;
				signed int _t51;
				signed int _t52;
				void* _t60;
				intOrPtr _t63;
				void* _t67;
				void* _t80;
				void* _t110;
				signed int _t111;

				_t110 = __esi;
				_t109 = __edi;
				_t80 = __ebx;
				_push(0xffffffff);
				_push(0x508587);
				_push( *[fs:0x0]);
				_t51 =  *0x561244; // 0x554c9ad9
				_t52 = _t51 ^ _t111;
				_v28 = _t52;
				_push(_t52);
				 *[fs:0x0] =  &_v16;
				E00434E30( &_v24);
				_v8 = 0;
				E00417910(L"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\", E00434050( &_v589));
				_v8 = 1;
				E004130D0( &_v56, _a4);
				_t60 = E0041EEA0( &_v24, 0x80000002, E00416A30( &_v56), 1); // executed
				if(_t60 != 0) {
					L5:
					_v636 = 0;
					_v8 = 0;
					E004176E0();
					_v8 = 0xffffffff;
					E0041EF60( &_v24);
					_t63 = _v636;
				} else {
					_v584 = 0;
					_t106 =  &_v582;
					E00451D90(__edi,  &_v582, 0, 0x206);
					_v588 = 0x104;
					_t67 = E0041EDE0( &_v24, L"Path",  &_v584,  &_v588); // executed
					if(_t67 != 0) {
						goto L5;
					} else {
						if(( *(_t111 + E0044F9A4( &_v584) * 2 - 0x246) & 0x0000ffff) == 0x3b) {
							 *(_t111 + E0044F9A4( &_v584) * 2 - 0x246) = 0;
						}
						PathAddBackslashW( &_v584);
						E00417910( &_v584, E00434050( &_v625));
						_v8 = 2;
						_t106 =  &_v624;
						E004181D0(_a8,  &_v624);
						_v8 = 1;
						E004176E0();
						_v632 = E0042E0C0(_a8 + 4);
						_v8 = 0;
						E004176E0();
						_v8 = 0xffffffff;
						E0041EF60( &_v24); // executed
						_t63 = _v632;
					}
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t63, _t80, _v28 ^ _t111, _t106, _t109, _t110);
			}

























                                                                                                                                                                                0x00495e20
                                                                                                                                                                                0x00495e20
                                                                                                                                                                                0x00495e20
                                                                                                                                                                                0x00495e23
                                                                                                                                                                                0x00495e25
                                                                                                                                                                                0x00495e30
                                                                                                                                                                                0x00495e37
                                                                                                                                                                                0x00495e3c
                                                                                                                                                                                0x00495e3e
                                                                                                                                                                                0x00495e41
                                                                                                                                                                                0x00495e45
                                                                                                                                                                                0x00495e4e
                                                                                                                                                                                0x00495e53
                                                                                                                                                                                0x00495e6e
                                                                                                                                                                                0x00495e73
                                                                                                                                                                                0x00495e7e
                                                                                                                                                                                0x00495e96
                                                                                                                                                                                0x00495e9d
                                                                                                                                                                                0x00495fa5
                                                                                                                                                                                0x00495fa5
                                                                                                                                                                                0x00495faf
                                                                                                                                                                                0x00495fb6
                                                                                                                                                                                0x00495fbb
                                                                                                                                                                                0x00495fc5
                                                                                                                                                                                0x00495fca
                                                                                                                                                                                0x00495ea3
                                                                                                                                                                                0x00495ea5
                                                                                                                                                                                0x00495eb3
                                                                                                                                                                                0x00495eba
                                                                                                                                                                                0x00495ec2
                                                                                                                                                                                0x00495ee2
                                                                                                                                                                                0x00495ee9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00495eef
                                                                                                                                                                                0x00495f09
                                                                                                                                                                                0x00495f1c
                                                                                                                                                                                0x00495f1c
                                                                                                                                                                                0x00495f2b
                                                                                                                                                                                0x00495f4a
                                                                                                                                                                                0x00495f4f
                                                                                                                                                                                0x00495f53
                                                                                                                                                                                0x00495f5d
                                                                                                                                                                                0x00495f62
                                                                                                                                                                                0x00495f6c
                                                                                                                                                                                0x00495f7c
                                                                                                                                                                                0x00495f82
                                                                                                                                                                                0x00495f89
                                                                                                                                                                                0x00495f8e
                                                                                                                                                                                0x00495f98
                                                                                                                                                                                0x00495f9d
                                                                                                                                                                                0x00495f9d
                                                                                                                                                                                0x00495ee9
                                                                                                                                                                                0x00495fd3
                                                                                                                                                                                0x00495fe8

                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00495E4E
                                                                                                                                                                                  • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                                                • _memset.LIBCMT ref: 00495EBA
                                                                                                                                                                                  • Part of subcall function 0041EDE0: RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,554C9AD9), ref: 0041EE1C
                                                                                                                                                                                • _wcslen.LIBCMT ref: 00495EF6
                                                                                                                                                                                • _wcslen.LIBCMT ref: 00495F12
                                                                                                                                                                                • PathAddBackslashW.SHLWAPI(?,00000104,Software\Microsoft\Windows\CurrentVersion\App Paths\,00000000,554C9AD9), ref: 00495F2B
                                                                                                                                                                                Strings
                                                                                                                                                                                • Path, xrefs: 00495EDA
                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\App Paths\, xrefs: 00495E66
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcslen$BackslashIterator_baseIterator_base::_OpenPathQueryValue_memsetstd::_
                                                                                                                                                                                • String ID: Path$Software\Microsoft\Windows\CurrentVersion\App Paths\
                                                                                                                                                                                • API String ID: 3112264913-2411794369
                                                                                                                                                                                • Opcode ID: 975d175278dd65443fbb53221b63907db5ce05ed567f50349f860bfafcea2edf
                                                                                                                                                                                • Instruction ID: 0e721211a411d4d4bd81d772e4ff45de3ad52a7a022707b1392635551f2e36b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 975d175278dd65443fbb53221b63907db5ce05ed567f50349f860bfafcea2edf
                                                                                                                                                                                • Instruction Fuzzy Hash: 4441AF70904108AADB14EB65DD4ABEEB774EF14314F2041AEF40AA71D1EF782F88CB55
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00424280, Relevance: 12.2, APIs: 8, Instructions: 154COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1114 424280-4242f2 GetDC 1115 4242f4-4242fa 1114->1115 1116 424325 1114->1116 1115->1116 1117 424313-42431a 1115->1117 1118 424301-424308 1115->1118 1119 42430a-424311 1115->1119 1120 42431c-424323 1115->1120 1121 42432c-42433d 1116->1121 1117->1121 1118->1121 1119->1121 1120->1121 1122 42433f-424347 1121->1122 1123 42435c-424360 1121->1123 1122->1123 1124 424349-424358 1122->1124 1125 424362-424368 1123->1125 1126 424377-424383 1123->1126 1124->1123 1125->1126 1128 42436a-424375 1125->1128 1127 424389-424390 1126->1127 1129 424392-424396 1127->1129 1130 4243d7-4243de 1127->1130 1128->1127 1131 424398-4243bc GetDeviceCaps MulDiv 1129->1131 1132 4243be-4243d1 MulDiv 1129->1132 1133 4243e9-4243f1 1130->1133 1131->1130 1132->1130 1134 4243f3-4243f7 1133->1134 1135 424436-42443a 1133->1135 1134->1135 1136 4243f9-424429 call 424140 1134->1136 1137 424463-424467 1135->1137 1138 42443c-424461 GetDeviceCaps MulDiv 1135->1138 1144 42442e-424434 1136->1144 1140 424479-424495 ReleaseDC call 44f6c8 1137->1140 1141 424469-424476 call 45184a 1137->1141 1138->1137 1141->1140 1144->1133
                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                			E00424280(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed short* _a20) {
				struct HWND__* _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char* _v24;
				struct HWND__* _v28;
				signed int _v32;
				char _v100;
				signed int _v104;
				signed int _v108;
				struct HDC__* _v112;
				struct HWND__* _v116;
				intOrPtr _v164;
				void* _v176;
				int _v180;
				signed int _v184;
				signed int _t80;
				struct HWND__* _t103;
				void* _t113;
				void* _t141;
				void* _t142;
				signed int _t143;
				void* _t144;

				_t142 = __esi;
				_t141 = __edi;
				_t113 = __ebx;
				_t80 =  *0x561244; // 0x554c9ad9
				_v32 = _t80 ^ _t143;
				_v104 = 1;
				_v112 = GetDC(0);
				_v28 = 0;
				_v24 = 0;
				_v20 = L"Tahoma";
				_v16 = L"MS Sans Serif";
				_v12 = L"Arial";
				_v8 = 0;
				_v184 = _a4 & 0x000000ff;
				_v184 = _v184 - 0x80;
				if(_v184 > 8) {
					L6:
					_v104 = 0;
				} else {
					switch( *((intOrPtr*)(_v184 * 4 +  &M00424498))) {
						case 0:
							_v24 = L"MS UI Gothic";
							goto L7;
						case 1:
							_v24 = L"Gulim";
							goto L7;
						case 2:
							goto L6;
						case 3:
							_v24 = L"SimSun";
							goto L7;
						case 4:
							_v24 = L"PMingLiU";
							goto L7;
					}
				}
				L7:
				asm("sbb eax, eax");
				_v108 =  ~_v104 + 2;
				if(_a20 != 0 && ( *_a20 & 0x0000ffff) != 0) {
					_v108 = _v108 - 1;
					 *((intOrPtr*)(_t143 + _v108 * 4 - 0x18)) = _a20;
				}
				if(_a8 == 0 ||  *_a8 == 0) {
					_v180 = (0 | _v104 != 0x00000000) + 9;
				} else {
					_v180 =  *_a8;
				}
				if(_v180 > 0) {
					if(_a16 == 0) {
						_v180 =  ~(MulDiv(_v180, 0x60, 0x48));
					} else {
						_v180 =  ~(MulDiv(_v180, GetDeviceCaps(_v112, 0x5a), 0x48));
					}
				}
				_v116 = 0;
				while( *((intOrPtr*)(_t143 + _v108 * 4 - 0x18)) != 0 && _v116 == 0) {
					asm("sbb eax, eax");
					_t103 = E00424140(_t113, _t141, _t142,  *((intOrPtr*)(_t143 + _v108 * 4 - 0x18)), _a4 & 0x000000ff, _v180, _a12, _v112,  &_v100,  ~_a8 &  &_v176); // executed
					_t144 = _t144 + 0x1c;
					_v116 = _t103;
					_v108 = _v108 + 1;
				}
				if(_a8 != 0) {
					 *_a8 = MulDiv(_v176 - _v164, 0x48, GetDeviceCaps(_v112, 0x5a));
				}
				if(_a20 != 0) {
					E0045184A(_a20,  &_v100);
				}
				ReleaseDC(0, _v112);
				return E0044F6C8(_v116, _t113, _v32 ^ _t143, _v112, _t141, _t142);
			}


























                                                                                                                                                                                0x00424280
                                                                                                                                                                                0x00424280
                                                                                                                                                                                0x00424280
                                                                                                                                                                                0x00424289
                                                                                                                                                                                0x00424290
                                                                                                                                                                                0x00424293
                                                                                                                                                                                0x004242a2
                                                                                                                                                                                0x004242a5
                                                                                                                                                                                0x004242ac
                                                                                                                                                                                0x004242b3
                                                                                                                                                                                0x004242ba
                                                                                                                                                                                0x004242c1
                                                                                                                                                                                0x004242c8
                                                                                                                                                                                0x004242d3
                                                                                                                                                                                0x004242e5
                                                                                                                                                                                0x004242f2
                                                                                                                                                                                0x00424325
                                                                                                                                                                                0x00424325
                                                                                                                                                                                0x004242f4
                                                                                                                                                                                0x004242fa
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424301
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0042431c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0042430a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424313
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004242fa
                                                                                                                                                                                0x0042432c
                                                                                                                                                                                0x00424331
                                                                                                                                                                                0x00424336
                                                                                                                                                                                0x0042433d
                                                                                                                                                                                0x0042434f
                                                                                                                                                                                0x00424358
                                                                                                                                                                                0x00424358
                                                                                                                                                                                0x00424360
                                                                                                                                                                                0x00424383
                                                                                                                                                                                0x0042436a
                                                                                                                                                                                0x0042436f
                                                                                                                                                                                0x0042436f
                                                                                                                                                                                0x00424390
                                                                                                                                                                                0x00424396
                                                                                                                                                                                0x004243d1
                                                                                                                                                                                0x00424398
                                                                                                                                                                                0x004243b6
                                                                                                                                                                                0x004243b6
                                                                                                                                                                                0x00424396
                                                                                                                                                                                0x004243d7
                                                                                                                                                                                0x004243e9
                                                                                                                                                                                0x004243fe
                                                                                                                                                                                0x00424429
                                                                                                                                                                                0x0042442e
                                                                                                                                                                                0x00424431
                                                                                                                                                                                0x004243e6
                                                                                                                                                                                0x004243e6
                                                                                                                                                                                0x0042443a
                                                                                                                                                                                0x00424461
                                                                                                                                                                                0x00424461
                                                                                                                                                                                0x00424467
                                                                                                                                                                                0x00424471
                                                                                                                                                                                0x00424476
                                                                                                                                                                                0x0042447f
                                                                                                                                                                                0x00424495

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0042429C
                                                                                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 004243A0
                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 004243AE
                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000060,00000048), ref: 004243C9
                                                                                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 00424442
                                                                                                                                                                                • MulDiv.KERNEL32(?,00000048,00000000), ref: 00424458
                                                                                                                                                                                • _wcscpy.LIBCMT ref: 00424471
                                                                                                                                                                                • ReleaseDC.USER32 ref: 0042447F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsDevice$Release_wcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 218543050-0
                                                                                                                                                                                • Opcode ID: addc902abe19bcb2e843a8c4ff13a2c574d834c9b2b0b35da3bccb5100abd372
                                                                                                                                                                                • Instruction ID: 6a1f34e3b352a9f831fe859dfbab1ec0b461a88cf26c78c58544564a76178256
                                                                                                                                                                                • Opcode Fuzzy Hash: addc902abe19bcb2e843a8c4ff13a2c574d834c9b2b0b35da3bccb5100abd372
                                                                                                                                                                                • Instruction Fuzzy Hash: D4614E70A0031CDFDB10CFA4D849BAEBBB5FB48305F548159E919AB280D7789A84CF95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004547CB, Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1148 4547cb-4547e7 1149 4547e9-4547ec 1148->1149 1150 45480a 1148->1150 1149->1150 1151 4547ee-4547f0 1149->1151 1152 45480c-454810 1150->1152 1153 454811-454816 1151->1153 1154 4547f2-454801 call 454477 1151->1154 1156 454825-454828 1153->1156 1157 454818-454823 1153->1157 1166 454802-454807 call 4557a5 1154->1166 1158 454835-454837 1156->1158 1159 45482a-454832 call 451d90 1156->1159 1157->1156 1161 454846-454859 1157->1161 1158->1154 1163 454839-454844 1158->1163 1159->1158 1164 454863 1161->1164 1165 45485b-454861 1161->1165 1163->1154 1163->1161 1168 45486a-45486c 1164->1168 1165->1168 1166->1150 1170 454872-454879 1168->1170 1171 45495c-45495f 1168->1171 1173 4548bf-4548c2 1170->1173 1174 45487b-454880 1170->1174 1171->1152 1175 4548c4-4548c8 1173->1175 1176 45492c-45492d call 4610bf 1173->1176 1174->1173 1177 454882 1174->1177 1179 4548e9-4548f0 1175->1179 1180 4548ca-4548d3 1175->1180 1183 454932-454936 1176->1183 1181 4549bd 1177->1181 1182 454888-45488c 1177->1182 1187 4548f4-4548f7 1179->1187 1188 4548f2 1179->1188 1184 4548d5-4548dc 1180->1184 1185 4548de-4548e3 1180->1185 1186 4549c1-4549ca 1181->1186 1189 454890-454893 1182->1189 1190 45488e 1182->1190 1183->1186 1191 45493c-454940 1183->1191 1192 4548e5-4548e7 1184->1192 1185->1192 1186->1152 1193 454990-454994 1187->1193 1194 4548fd-454909 call 4544c0 call 4617ac 1187->1194 1188->1187 1195 454964-45496a 1189->1195 1196 454899-4548ba call 44f6d7 1189->1196 1190->1189 1191->1193 1200 454942-454951 1191->1200 1192->1187 1198 4549a6-4549b8 call 454477 1193->1198 1199 454996-4549a3 call 451d90 1193->1199 1216 45490e-454913 1194->1216 1201 45496c-454978 call 451d90 1195->1201 1202 45497b-45498b call 454477 1195->1202 1207 454954-454956 1196->1207 1198->1166 1199->1198 1200->1207 1201->1202 1202->1166 1207->1170 1207->1171 1217 4549cf-4549d3 1216->1217 1218 454919-45491c 1216->1218 1217->1186 1218->1181 1219 454922-45492a 1218->1219 1219->1207
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E004547CB(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E00451D90(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E004610BF(_t120, _t125, _t133); // executed
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E00451D90(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E00454477(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E004557A5(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E004544C0(_t125, _t131, _t133);
												_pop(_t123);
												_push(_t106); // executed
												_t107 = E004617AC(_t120, _t125, _t131, _t133, __eflags); // executed
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E00451D90(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E00454477(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E0044F6D7(_t120, _t123, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E00454477(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}





























                                                                                                                                                                                0x004547cb
                                                                                                                                                                                0x004547d3
                                                                                                                                                                                0x004547d7
                                                                                                                                                                                0x004547dc
                                                                                                                                                                                0x004547de
                                                                                                                                                                                0x004547e1
                                                                                                                                                                                0x004547e7
                                                                                                                                                                                0x0045480a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004547ee
                                                                                                                                                                                0x004547ee
                                                                                                                                                                                0x004547f0
                                                                                                                                                                                0x00454811
                                                                                                                                                                                0x00454814
                                                                                                                                                                                0x00454816
                                                                                                                                                                                0x00454825
                                                                                                                                                                                0x00454825
                                                                                                                                                                                0x00454828
                                                                                                                                                                                0x0045482d
                                                                                                                                                                                0x00454832
                                                                                                                                                                                0x00454832
                                                                                                                                                                                0x00454835
                                                                                                                                                                                0x00454837
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454839
                                                                                                                                                                                0x00454839
                                                                                                                                                                                0x0045483e
                                                                                                                                                                                0x00454841
                                                                                                                                                                                0x00454844
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454846
                                                                                                                                                                                0x00454849
                                                                                                                                                                                0x0045484d
                                                                                                                                                                                0x00454854
                                                                                                                                                                                0x00454857
                                                                                                                                                                                0x00454859
                                                                                                                                                                                0x00454863
                                                                                                                                                                                0x0045485b
                                                                                                                                                                                0x0045485e
                                                                                                                                                                                0x0045485e
                                                                                                                                                                                0x0045486a
                                                                                                                                                                                0x0045486c
                                                                                                                                                                                0x0045495c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454872
                                                                                                                                                                                0x00454872
                                                                                                                                                                                0x00454872
                                                                                                                                                                                0x00454879
                                                                                                                                                                                0x004548bf
                                                                                                                                                                                0x004548bf
                                                                                                                                                                                0x004548c2
                                                                                                                                                                                0x0045492d
                                                                                                                                                                                0x00454933
                                                                                                                                                                                0x00454936
                                                                                                                                                                                0x004549c1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004549c7
                                                                                                                                                                                0x0045493c
                                                                                                                                                                                0x00454940
                                                                                                                                                                                0x00454990
                                                                                                                                                                                0x00454990
                                                                                                                                                                                0x00454994
                                                                                                                                                                                0x0045499e
                                                                                                                                                                                0x004549a3
                                                                                                                                                                                0x004549a3
                                                                                                                                                                                0x004549ab
                                                                                                                                                                                0x004549b3
                                                                                                                                                                                0x004549b4
                                                                                                                                                                                0x004549b5
                                                                                                                                                                                0x004549b6
                                                                                                                                                                                0x004549b7
                                                                                                                                                                                0x00454802
                                                                                                                                                                                0x00454802
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454807
                                                                                                                                                                                0x00454942
                                                                                                                                                                                0x00454945
                                                                                                                                                                                0x00454948
                                                                                                                                                                                0x0045494d
                                                                                                                                                                                0x0045494e
                                                                                                                                                                                0x0045494e
                                                                                                                                                                                0x0045494e
                                                                                                                                                                                0x00454951
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454951
                                                                                                                                                                                0x004548c4
                                                                                                                                                                                0x004548c8
                                                                                                                                                                                0x004548e9
                                                                                                                                                                                0x004548ee
                                                                                                                                                                                0x004548f0
                                                                                                                                                                                0x004548f2
                                                                                                                                                                                0x004548f2
                                                                                                                                                                                0x004548ca
                                                                                                                                                                                0x004548d1
                                                                                                                                                                                0x004548d3
                                                                                                                                                                                0x004548e0
                                                                                                                                                                                0x004548e0
                                                                                                                                                                                0x004548e0
                                                                                                                                                                                0x004548e3
                                                                                                                                                                                0x004548d5
                                                                                                                                                                                0x004548d7
                                                                                                                                                                                0x004548da
                                                                                                                                                                                0x004548da
                                                                                                                                                                                0x004548e5
                                                                                                                                                                                0x004548e5
                                                                                                                                                                                0x004548f4
                                                                                                                                                                                0x004548f7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004548fd
                                                                                                                                                                                0x004548fd
                                                                                                                                                                                0x004548fe
                                                                                                                                                                                0x00454902
                                                                                                                                                                                0x00454907
                                                                                                                                                                                0x00454908
                                                                                                                                                                                0x00454909
                                                                                                                                                                                0x0045490e
                                                                                                                                                                                0x00454911
                                                                                                                                                                                0x00454913
                                                                                                                                                                                0x004549cf
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004549cf
                                                                                                                                                                                0x00454919
                                                                                                                                                                                0x0045491c
                                                                                                                                                                                0x004549bd
                                                                                                                                                                                0x004549bd
                                                                                                                                                                                0x004549bd
                                                                                                                                                                                0x004549bd
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004549bd
                                                                                                                                                                                0x00454922
                                                                                                                                                                                0x00454925
                                                                                                                                                                                0x00454927
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454927
                                                                                                                                                                                0x004548f7
                                                                                                                                                                                0x0045487b
                                                                                                                                                                                0x0045487e
                                                                                                                                                                                0x00454880
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454882
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454888
                                                                                                                                                                                0x0045488a
                                                                                                                                                                                0x0045488c
                                                                                                                                                                                0x0045488e
                                                                                                                                                                                0x0045488e
                                                                                                                                                                                0x00454890
                                                                                                                                                                                0x00454893
                                                                                                                                                                                0x00454964
                                                                                                                                                                                0x00454966
                                                                                                                                                                                0x0045496a
                                                                                                                                                                                0x00454973
                                                                                                                                                                                0x00454978
                                                                                                                                                                                0x00454978
                                                                                                                                                                                0x0045497b
                                                                                                                                                                                0x00454980
                                                                                                                                                                                0x00454981
                                                                                                                                                                                0x00454982
                                                                                                                                                                                0x00454983
                                                                                                                                                                                0x00454984
                                                                                                                                                                                0x0045498a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454899
                                                                                                                                                                                0x004548a2
                                                                                                                                                                                0x004548a7
                                                                                                                                                                                0x004548aa
                                                                                                                                                                                0x004548ac
                                                                                                                                                                                0x004548af
                                                                                                                                                                                0x004548b1
                                                                                                                                                                                0x004548b4
                                                                                                                                                                                0x004548b7
                                                                                                                                                                                0x004548b7
                                                                                                                                                                                0x00454954
                                                                                                                                                                                0x00454954
                                                                                                                                                                                0x00454954
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454872
                                                                                                                                                                                0x0045486c
                                                                                                                                                                                0x00454837
                                                                                                                                                                                0x00454818
                                                                                                                                                                                0x0045481d
                                                                                                                                                                                0x0045481d
                                                                                                                                                                                0x00454820
                                                                                                                                                                                0x00454823
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454823
                                                                                                                                                                                0x004547f2
                                                                                                                                                                                0x004547f2
                                                                                                                                                                                0x004547f7
                                                                                                                                                                                0x004547f8
                                                                                                                                                                                0x004547f9
                                                                                                                                                                                0x004547fa
                                                                                                                                                                                0x004547fb
                                                                                                                                                                                0x00454801
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454801

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3886058894-0
                                                                                                                                                                                • Opcode ID: 24e9373897bc8a5cc2d72240ab2ba003cf9559ff3a241c8706108772e9f9b500
                                                                                                                                                                                • Instruction ID: b48dc7675cf6e0c95097a90f61d0df77d4aa9603786d68242fc11d6efe4b1aba
                                                                                                                                                                                • Opcode Fuzzy Hash: 24e9373897bc8a5cc2d72240ab2ba003cf9559ff3a241c8706108772e9f9b500
                                                                                                                                                                                • Instruction Fuzzy Hash: 8A510A74900244EBCB209FB9884559F7BB5EFC132DF14821BFC259A292D3389D99CB59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00482980, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E00482980(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				char* _v20;
				long _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v60;
				char _v64;
				char _v328;
				short _v330;
				intOrPtr _v334;
				short _v336;
				char _v400;
				char _v416;
				WCHAR* _v420;
				char _v421;
				char _v422;
				signed int _v428;
				signed int _t52;
				signed int _t53;
				signed int _t79;
				signed int _t112;
				void* _t113;
				void* _t120;

				_t111 = __esi;
				_t110 = __edi;
				_t80 = __ebx;
				_push(0xffffffff);
				_push(0x50a68e);
				_push( *[fs:0x0]);
				_t52 =  *0x561244; // 0x554c9ad9
				_t53 = _t52 ^ _t112;
				_v32 = _t53;
				_push(_t53);
				 *[fs:0x0] =  &_v16;
				_v428 = 0;
				_v24 = 0;
				E004175C0(E00434050( &_v421));
				_v8 = 1;
				_v336 = 0;
				_v334 = 0;
				_v330 = 0;
				E00495D00(__ebx, __edi, __esi, 0x23,  &_v64, 1, 1); // executed
				E0045508B(E00416A30( &_v60),  &_v336, 0, 0, 0);
				PathAddBackslashW( &_v336);
				GetVolumeInformationW( &_v336, 0, 0,  &_v24, 0, 0, 0, 0); // executed
				_v28 = E00453304(__edi, __esi,  &_v416, "%.8x", _v24);
				E004827F0(_a8, E00451E10(_a8),  &_v328);
				E004826C0( &_v416, _v28,  &_v328);
				_t120 = _t113 - 0x19c + 0x4c;
				_v20 =  &_v400;
				_v420 = 0;
				while(1) {
					_t107 = _v420;
					if(_v420 >= _v28) {
						break;
					}
					_t79 = E00448860(_v20, L"%x",  *(_t112 + _v420 - 0x19c) & 0x000000ff);
					_t120 = _t120 + 0xc;
					_v20 = _v20 + _t79 * 2;
					_v420 =  &(_v420[0]);
				}
				E00417910( &_v400, E00434050( &_v422));
				_v428 = _v428 | 0x00000001;
				_v8 = 0;
				E004176E0();
				 *[fs:0x0] = _v16;
				return E0044F6C8(_a4, _t80, _v32 ^ _t112, _t107, _t110, _t111);
			}



























                                                                                                                                                                                0x00482980
                                                                                                                                                                                0x00482980
                                                                                                                                                                                0x00482980
                                                                                                                                                                                0x00482983
                                                                                                                                                                                0x00482985
                                                                                                                                                                                0x00482990
                                                                                                                                                                                0x00482997
                                                                                                                                                                                0x0048299c
                                                                                                                                                                                0x0048299e
                                                                                                                                                                                0x004829a1
                                                                                                                                                                                0x004829a5
                                                                                                                                                                                0x004829ab
                                                                                                                                                                                0x004829b5
                                                                                                                                                                                0x004829cb
                                                                                                                                                                                0x004829d0
                                                                                                                                                                                0x004829d9
                                                                                                                                                                                0x004829e2
                                                                                                                                                                                0x004829e8
                                                                                                                                                                                0x004829f9
                                                                                                                                                                                0x00482a17
                                                                                                                                                                                0x00482a26
                                                                                                                                                                                0x00482a43
                                                                                                                                                                                0x00482a61
                                                                                                                                                                                0x00482a7c
                                                                                                                                                                                0x00482a96
                                                                                                                                                                                0x00482a9b
                                                                                                                                                                                0x00482aa4
                                                                                                                                                                                0x00482aa7
                                                                                                                                                                                0x00482ac2
                                                                                                                                                                                0x00482ac2
                                                                                                                                                                                0x00482acb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00482ae5
                                                                                                                                                                                0x00482aea
                                                                                                                                                                                0x00482af3
                                                                                                                                                                                0x00482abc
                                                                                                                                                                                0x00482abc
                                                                                                                                                                                0x00482b0e
                                                                                                                                                                                0x00482b1c
                                                                                                                                                                                0x00482b22
                                                                                                                                                                                0x00482b29
                                                                                                                                                                                0x00482b34
                                                                                                                                                                                0x00482b49

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00495D00: _memset.LIBCMT ref: 00495D56
                                                                                                                                                                                  • Part of subcall function 00495D00: SHGetFolderPathW.SHELL32(00000000,004CC849,00000000,00000000,?,?,?,554C9AD9), ref: 00495D6F
                                                                                                                                                                                  • Part of subcall function 00495D00: PathAddBackslashW.SHLWAPI(?,?,?,554C9AD9), ref: 00495D93
                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00482A17
                                                                                                                                                                                  • Part of subcall function 0045508B: __wsplitpath_helper.LIBCMT ref: 004550CD
                                                                                                                                                                                • PathAddBackslashW.SHLWAPI(?), ref: 00482A26
                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00482A43
                                                                                                                                                                                • _sprintf.LIBCMT ref: 00482A59
                                                                                                                                                                                • _strlen.LIBCMT ref: 00482A6F
                                                                                                                                                                                  • Part of subcall function 00448860: __vswprintf.LIBCMT ref: 00448878
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path$Backslash$FolderInformationVolume__vswprintf__wsplitpath__wsplitpath_helper_memset_sprintf_strlen
                                                                                                                                                                                • String ID: %.8x
                                                                                                                                                                                • API String ID: 2556234588-3443174927
                                                                                                                                                                                • Opcode ID: 22ca0185119504438344601ffb00a2c409751419db81204b14255fdfe5ea437b
                                                                                                                                                                                • Instruction ID: 7867479c3adea28f3d0d62ba70a56522cd4e3f6b322498506d0fd7f1f505525c
                                                                                                                                                                                • Opcode Fuzzy Hash: 22ca0185119504438344601ffb00a2c409751419db81204b14255fdfe5ea437b
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B518DB1E00218AFDB14EF94DC52FEEB778AF45304F40859AF509A7281EB746A44CF95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004D5A80, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                			E004D5A80(void* __ebx, void* __edi, void* __esi, struct HWND__* _a4) {
				int _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v52;
				struct HICON__* _v56;
				char _v84;
				long _v88;
				int _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				signed int _t34;
				signed int _t35;
				signed char _t43;
				WCHAR* _t54;
				void* _t57;
				void* _t77;
				void* _t78;
				signed int _t79;

				_t78 = __esi;
				_t77 = __edi;
				_t57 = __ebx;
				_push(0xffffffff);
				_push(0x506d9c);
				_push( *[fs:0x0]);
				_t34 =  *0x561244; // 0x554c9ad9
				_t35 = _t34 ^ _t79;
				_v20 = _t35;
				_push(_t35);
				 *[fs:0x0] =  &_v16;
				_v56 = 0;
				if(0x5bdf4c == 0) {
					_v92 = 0;
				} else {
					_v92 = 0x5bdf50;
				}
				_v96 = E004098D0( &_v84, _v92, L"setup.ico");
				_v100 = _v96;
				_v8 = 0;
				E00409810(_v100);
				_v8 = 2;
				E004178C0( &_v84);
				_t43 = E0049E7E0( &_v52, 0); // executed
				if((_t43 & 0x000000ff) != 0) {
					_t54 = E00416A30( &_v48);
					_v56 = LoadImageW(E00429A60(0x5c1a9c), _t54, 1, 0, 0, 0x50);
				}
				if(_v56 == 0) {
					_v56 = LoadIconW(E00429A60(0x5c1a9c), 1);
				}
				_t76 = _a4;
				if(IsWindow(_a4) != 0) {
					SendMessageW(_a4, 0x80, 1, _v56); // executed
					_t76 = _v56;
					SendMessageW(_a4, 0x80, 0, _v56); // executed
				}
				_v88 = _v56;
				_v8 = 0xffffffff;
				E004176E0();
				 *[fs:0x0] = _v16;
				return E0044F6C8(_v88, _t57, _v20 ^ _t79, _t76, _t77, _t78);
			}






















                                                                                                                                                                                0x004d5a80
                                                                                                                                                                                0x004d5a80
                                                                                                                                                                                0x004d5a80
                                                                                                                                                                                0x004d5a83
                                                                                                                                                                                0x004d5a85
                                                                                                                                                                                0x004d5a90
                                                                                                                                                                                0x004d5a94
                                                                                                                                                                                0x004d5a99
                                                                                                                                                                                0x004d5a9b
                                                                                                                                                                                0x004d5a9e
                                                                                                                                                                                0x004d5aa2
                                                                                                                                                                                0x004d5aa8
                                                                                                                                                                                0x004d5ab6
                                                                                                                                                                                0x004d5ac5
                                                                                                                                                                                0x004d5ab8
                                                                                                                                                                                0x004d5ac0
                                                                                                                                                                                0x004d5ac0
                                                                                                                                                                                0x004d5ae1
                                                                                                                                                                                0x004d5ae7
                                                                                                                                                                                0x004d5aea
                                                                                                                                                                                0x004d5af8
                                                                                                                                                                                0x004d5afd
                                                                                                                                                                                0x004d5b04
                                                                                                                                                                                0x004d5b0f
                                                                                                                                                                                0x004d5b1c
                                                                                                                                                                                0x004d5b29
                                                                                                                                                                                0x004d5b40
                                                                                                                                                                                0x004d5b40
                                                                                                                                                                                0x004d5b47
                                                                                                                                                                                0x004d5b5c
                                                                                                                                                                                0x004d5b5c
                                                                                                                                                                                0x004d5b5f
                                                                                                                                                                                0x004d5b6b
                                                                                                                                                                                0x004d5b7c
                                                                                                                                                                                0x004d5b82
                                                                                                                                                                                0x004d5b91
                                                                                                                                                                                0x004d5b91
                                                                                                                                                                                0x004d5b9a
                                                                                                                                                                                0x004d5b9d
                                                                                                                                                                                0x004d5ba7
                                                                                                                                                                                0x004d5bb2
                                                                                                                                                                                0x004d5bc7

                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadImageW.USER32 ref: 004D5B3A
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000001), ref: 004D5B56
                                                                                                                                                                                • IsWindow.USER32(004CD3AA), ref: 004D5B63
                                                                                                                                                                                • SendMessageW.USER32(004CD3AA,00000080,00000001,00000000), ref: 004D5B7C
                                                                                                                                                                                • SendMessageW.USER32(004CD3AA,00000080,00000000,00000000), ref: 004D5B91
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LoadMessageSend$IconImageWindow
                                                                                                                                                                                • String ID: setup.ico
                                                                                                                                                                                • API String ID: 2942324917-2566955499
                                                                                                                                                                                • Opcode ID: d084cf54a67d46861b7e370ffd517cd7c8988c300e69de5d308682a3bd29293e
                                                                                                                                                                                • Instruction ID: 2bd365032c2f552ced306848ea20a241a52543378c904a779762d3456a8b84a7
                                                                                                                                                                                • Opcode Fuzzy Hash: d084cf54a67d46861b7e370ffd517cd7c8988c300e69de5d308682a3bd29293e
                                                                                                                                                                                • Instruction Fuzzy Hash: 02414D75A01248ABDB04DFE4DC55BEEBBB9BB48704F10852EF502AB381DB746904CB54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00484EA0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 75COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                			E00484EA0(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v16;
				char _v24;
				char _v28;
				signed int _v32;
				char _v92;
				char _v96;
				signed int _t20;
				signed int _t21;
				signed int _t23;
				signed int _t25;
				void* _t28;
				char _t30;
				signed char _t35;
				signed int _t47;
				signed int _t54;

				_t53 = __esi;
				_t52 = __edi;
				_t36 = __ebx;
				_push(0xffffffff);
				_push(0x50cca6);
				_push( *[fs:0x0]);
				_t20 =  *0x561244; // 0x554c9ad9
				_t21 = _t20 ^ _t54;
				_v32 = _t21;
				_push(_t21);
				 *[fs:0x0] =  &_v16;
				_t23 =  *0x5c2b0c; // 0x1
				if((_t23 & 0x00000001) == 0) {
					_t47 =  *0x5c2b0c; // 0x1
					 *0x5c2b0c = _t47 | 0x00000001;
					_v8 = 0;
					_t35 = E00484B40(__ebx, __edi, __esi); // executed
					asm("sbb edx, edx");
					_t49 =  ~( ~(_t35 & 0x000000ff));
					 *0x5c2b08 =  ~( ~(_t35 & 0x000000ff));
					_v8 = 0xffffffff;
				}
				if( *0x5c2b08 <= 1) {
					E00434E30( &_v24);
					_v8 = 1;
					_t28 = E0041EEA0( &_v24, 0x80000002, L"SOFTWARE\\Mozilla\\Mozilla Firefox", 1); // executed
					if(_t28 == 0) {
						_t30 = "0"; // 0x30
						_v96 = _t30;
						E00451D90(_t52,  &_v92, 0, 0x3c);
						_v28 = 0x20;
						_t49 =  &_v28;
						E0041EDE0( &_v24, L"CurrentVersion",  &_v96,  &_v28);
						 *0x5c2b08 = E00451CBD( &_v96, 0, 0xa);
					}
					_v8 = 0xffffffff;
					E0041EF60( &_v24);
				}
				_t25 =  *0x5c2b08; // 0x0
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t25, _t36, _v32 ^ _t54, _t49, _t52, _t53);
			}



















                                                                                                                                                                                0x00484ea0
                                                                                                                                                                                0x00484ea0
                                                                                                                                                                                0x00484ea0
                                                                                                                                                                                0x00484ea3
                                                                                                                                                                                0x00484ea5
                                                                                                                                                                                0x00484eb0
                                                                                                                                                                                0x00484eb4
                                                                                                                                                                                0x00484eb9
                                                                                                                                                                                0x00484ebb
                                                                                                                                                                                0x00484ebe
                                                                                                                                                                                0x00484ec2
                                                                                                                                                                                0x00484ec8
                                                                                                                                                                                0x00484ed0
                                                                                                                                                                                0x00484ed2
                                                                                                                                                                                0x00484edb
                                                                                                                                                                                0x00484ee1
                                                                                                                                                                                0x00484ee8
                                                                                                                                                                                0x00484ef2
                                                                                                                                                                                0x00484ef4
                                                                                                                                                                                0x00484ef6
                                                                                                                                                                                0x00484efc
                                                                                                                                                                                0x00484efc
                                                                                                                                                                                0x00484f0a
                                                                                                                                                                                0x00484f0f
                                                                                                                                                                                0x00484f14
                                                                                                                                                                                0x00484f2a
                                                                                                                                                                                0x00484f31
                                                                                                                                                                                0x00484f33
                                                                                                                                                                                0x00484f38
                                                                                                                                                                                0x00484f43
                                                                                                                                                                                0x00484f4b
                                                                                                                                                                                0x00484f52
                                                                                                                                                                                0x00484f62
                                                                                                                                                                                0x00484f77
                                                                                                                                                                                0x00484f77
                                                                                                                                                                                0x00484f7c
                                                                                                                                                                                0x00484f86
                                                                                                                                                                                0x00484f86
                                                                                                                                                                                0x00484f8b
                                                                                                                                                                                0x00484f93
                                                                                                                                                                                0x00484fa8

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Iterator_baseIterator_base::___wcstoi64_memsetstd::_
                                                                                                                                                                                • String ID: $CurrentVersion$SOFTWARE\Mozilla\Mozilla Firefox
                                                                                                                                                                                • API String ID: 3485345583-1023798336
                                                                                                                                                                                • Opcode ID: 61034f3484858b031ddec6510427f16abae38c00ff857c6c04db67119d5ca015
                                                                                                                                                                                • Instruction ID: 5e62964c8161c01d3a93b7efa467fe588d9bb2ef01a0888bc2b9f6aa12e67c5a
                                                                                                                                                                                • Opcode Fuzzy Hash: 61034f3484858b031ddec6510427f16abae38c00ff857c6c04db67119d5ca015
                                                                                                                                                                                • Instruction Fuzzy Hash: AA21D0B09006099FDB14DF95D842FAEB7B4FB54714F00821EF911AB2D1EB382E08CB45
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00451FC6, Relevance: 10.6, APIs: 7, Instructions: 71threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                			E00451FC6(void* __edx, void* __esi, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
				DWORD* _v8;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t20;
				DWORD* _t25;
				intOrPtr* _t27;
				char _t41;
				void* _t44;

				_t41 = _a12;
				_v8 = 0;
				_t48 = _t41;
				if(_t41 != 0) {
					_push(__esi);
					E00457212();
					_t44 = E00457789(1, 0x214);
					__eflags = _t44;
					if(__eflags == 0) {
						L7:
						_push(_t44);
						E0044FAFC(0, _t41, _t44, __eflags);
						__eflags = _v8;
						if(_v8 != 0) {
							E0045449D(_v8);
						}
						_t20 = 0;
						__eflags = 0;
					} else {
						_push( *((intOrPtr*)(E00457400(0, __edx, _t41, __eflags) + 0x6c)));
						_push(_t44);
						E004572A0(0, _t41, _t44, __eflags);
						 *(_t44 + 4) =  *(_t44 + 4) | 0xffffffff;
						 *((intOrPtr*)(_t44 + 0x58)) = _a16;
						_t25 = _a24;
						 *((intOrPtr*)(_t44 + 0x54)) = _t41;
						__eflags = _t25;
						if(_t25 == 0) {
							_t25 =  &_a12;
						}
						_t20 = CreateThread(_a4, _a8, E00451F43, _t44, _a20, _t25); // executed
						__eflags = _t20;
						if(__eflags == 0) {
							_v8 = GetLastError();
							goto L7;
						}
					}
				} else {
					_t27 = E00454477(_t48);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t27 = 0x16;
					E004557A5(__edx, _t41, __esi);
					_t20 = 0;
				}
				return _t20;
			}












                                                                                                                                                                                0x00451fce
                                                                                                                                                                                0x00451fd3
                                                                                                                                                                                0x00451fd6
                                                                                                                                                                                0x00451fd8
                                                                                                                                                                                0x00451ff6
                                                                                                                                                                                0x00451ff7
                                                                                                                                                                                0x00452008
                                                                                                                                                                                0x0045200c
                                                                                                                                                                                0x0045200e
                                                                                                                                                                                0x0045205a
                                                                                                                                                                                0x0045205a
                                                                                                                                                                                0x0045205b
                                                                                                                                                                                0x00452061
                                                                                                                                                                                0x00452064
                                                                                                                                                                                0x00452069
                                                                                                                                                                                0x0045206e
                                                                                                                                                                                0x0045206f
                                                                                                                                                                                0x0045206f
                                                                                                                                                                                0x00452010
                                                                                                                                                                                0x00452015
                                                                                                                                                                                0x00452018
                                                                                                                                                                                0x00452019
                                                                                                                                                                                0x00452021
                                                                                                                                                                                0x00452025
                                                                                                                                                                                0x00452028
                                                                                                                                                                                0x0045202d
                                                                                                                                                                                0x00452030
                                                                                                                                                                                0x00452032
                                                                                                                                                                                0x00452034
                                                                                                                                                                                0x00452034
                                                                                                                                                                                0x00452047
                                                                                                                                                                                0x0045204d
                                                                                                                                                                                0x0045204f
                                                                                                                                                                                0x00452057
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00452057
                                                                                                                                                                                0x0045204f
                                                                                                                                                                                0x00451fda
                                                                                                                                                                                0x00451fda
                                                                                                                                                                                0x00451fdf
                                                                                                                                                                                0x00451fe0
                                                                                                                                                                                0x00451fe1
                                                                                                                                                                                0x00451fe2
                                                                                                                                                                                0x00451fe3
                                                                                                                                                                                0x00451fe4
                                                                                                                                                                                0x00451fea
                                                                                                                                                                                0x00451ff2
                                                                                                                                                                                0x00451ff2
                                                                                                                                                                                0x00452075

                                                                                                                                                                                APIs
                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00451FF7
                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00452003
                                                                                                                                                                                • __getptd.LIBCMT ref: 00452010
                                                                                                                                                                                • __initptd.LIBCMT ref: 00452019
                                                                                                                                                                                • CreateThread.KERNEL32(?,?,00451F43,00000000,?,?), ref: 00452047
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00452051
                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00452069
                                                                                                                                                                                  • Part of subcall function 00454477: __getptd_noexit.LIBCMT ref: 00454477
                                                                                                                                                                                  • Part of subcall function 004557A5: __decode_pointer.LIBCMT ref: 004557B0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit__initptd
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3358092440-0
                                                                                                                                                                                • Opcode ID: 26d222637614caea9229c71ed777be5846206efd60edda216f56c581922281af
                                                                                                                                                                                • Instruction ID: c78e5e2b538e6bd289abf04ab91bbdd9a97470878333c0d25e63948099598028
                                                                                                                                                                                • Opcode Fuzzy Hash: 26d222637614caea9229c71ed777be5846206efd60edda216f56c581922281af
                                                                                                                                                                                • Instruction Fuzzy Hash: 11110872504205AFDB10BFA5EC4199F77E4EF05329B10403FFD00961A3EBB89D49DA68
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004956B0, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 293comCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                			E004956B0(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v52;
				signed int _v56;
				char _v60;
				char _v64;
				signed int _v68;
				char _v72;
				char _v76;
				char _v80;
				intOrPtr _v88;
				char _v96;
				char _v97;
				char _v104;
				char _v108;
				signed int _v112;
				char* _v116;
				signed int* _v120;
				signed int _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr* _v144;
				intOrPtr* _v148;
				signed int _t132;
				signed int _t133;
				signed int _t138;
				signed char _t148;
				signed int _t155;
				signed char _t159;
				signed int _t160;
				signed int _t170;
				signed char _t177;
				signed int _t188;
				signed char _t189;
				signed int _t194;
				signed char _t195;
				void* _t204;
				void* _t279;
				void* _t280;
				signed int _t281;

				_t280 = __esi;
				_t279 = __edi;
				_t272 = __edx;
				_t204 = __ebx;
				_push(0xffffffff);
				_push(0x5068d3);
				_push( *[fs:0x0]);
				_t132 =  *0x561244; // 0x554c9ad9
				_t133 = _t132 ^ _t281;
				_v20 = _t133;
				_push(_t133);
				 *[fs:0x0] =  &_v16;
				_v112 = 0;
				E004175C0(E00434050( &_v97));
				_v8 = 1;
				while(1) {
					E00414C90();
					_v8 = 2;
					_t138 = E00434050( &_v60);
					__imp__CoCreateInstance(0x51d91c, 0, 1, 0x51d84c, _t138); // executed
					_v68 = _t138;
					if(_v68 < 0 || (E00431950( &_v60) & 0x000000ff) != 0) {
						break;
					}
					E00414C90();
					_v8 = 3;
					_t148 = E00494F20(__eflags);
					__eflags = _t148 & 0x000000ff;
					if((_t148 & 0x000000ff) == 0) {
						_v116 = L"root\\SecurityCenter";
					} else {
						_v116 = L"root\\SecurityCenter2";
					}
					E00416A50( &_v72, _v116);
					_v8 = 4;
					_v120 = E0041D530( &_v60);
					_t272 =  *_v120;
					_t155 =  *((intOrPtr*)( *((intOrPtr*)( *_v120 + 0xc))))(_v120, E0041D530( &_v72), 0, 0, 0, 0, 0, 0, E00434050( &_v80)); // executed
					_v68 = _t155;
					__eflags = _v68;
					if(_v68 < 0) {
						L9:
						_v8 = 3;
						E00417300( &_v72);
						_v8 = 2;
						E0040D320();
						_v8 = 1;
						E0040D320();
					} else {
						_t159 = E00431950( &_v80);
						__eflags = _t159 & 0x000000ff;
						if((_t159 & 0x000000ff) == 0) {
							_t160 = E0041D530( &_v80);
							__imp__CoSetProxyBlanket(_t160, 0xa, 0, 0, 3, 3, 0, 0); // executed
							_v68 = _t160;
							__eflags = _v68;
							if(_v68 >= 0) {
								E00414C90();
								_v8 = 5;
								_v124 = E0041D530( &_v80);
								_v128 = E00416A50( &_v104, L"SELECT * FROM AntivirusProduct");
								_v132 = _v128;
								_v8 = 6;
								_v136 = E00416A50( &_v108, L"WQL");
								_v140 = _v136;
								_v8 = 7;
								_t272 = _v124;
								_t170 =  *((intOrPtr*)( *((intOrPtr*)( *_v124 + 0x50))))(_v124, E0041D530(_v140), E0041D530(_v132), 0x30, 0, E00434050( &_v64)); // executed
								_v68 = _t170;
								_v8 = 6;
								E00417300( &_v108);
								_v8 = 5;
								E00417300( &_v104);
								__eflags = _v68;
								if(_v68 < 0) {
									L14:
									_v8 = 4;
									E0040D320();
									_v8 = 3;
									E00417300( &_v72);
									_v8 = 2;
									E0040D320();
									_v8 = 1;
									E0040D320();
								} else {
									_t177 = E00431950( &_v64);
									_t272 = _t177 & 0x000000ff;
									__eflags = _t177 & 0x000000ff;
									if((_t177 & 0x000000ff) == 0) {
										E00414C90();
										_v8 = 8;
										while(1) {
											__eflags = 1;
											if(1 == 0) {
												break;
											}
											_v56 = 0;
											_v144 = E0041D530( &_v64);
											_t188 =  *((intOrPtr*)( *((intOrPtr*)( *_v144 + 0x10))))(_v144, 0xffffffff, 1, E00434050( &_v76),  &_v56); // executed
											_v68 = _t188;
											__eflags = _v68;
											if(_v68 < 0) {
												L20:
											} else {
												_t189 = E00431950( &_v76);
												__eflags = _t189 & 0x000000ff;
												if((_t189 & 0x000000ff) != 0) {
													goto L20;
												} else {
													__eflags = _v56;
													if(_v56 != 0) {
														E00416A10( &_v96);
														_v8 = 9;
														_v148 = E0041D530( &_v76);
														_t194 =  *((intOrPtr*)( *((intOrPtr*)( *_v148 + 0x10))))(_v148, L"displayName", 0,  &_v96, 0, 0); // executed
														_v68 = _t194;
														_t195 = E00416630( &_v48);
														__eflags = _t195 & 0x000000ff;
														if((_t195 & 0x000000ff) == 0) {
															E004130D0( &_v48, ";");
														}
														E004130D0( &_v48, _v88);
														E00407680( &_v76);
														_v8 = 8;
														E00417430( &_v96);
														continue;
													} else {
														goto L20;
													}
												}
											}
											break;
										}
										_v8 = 5;
										E0040D320();
										_v8 = 4;
										E0040D320();
										_v8 = 3;
										E00417300( &_v72);
										_v8 = 2;
										E0040D320();
										_v8 = 1;
										E0040D320();
										_t272 = 0;
										__eflags = 0;
										if(0 != 0) {
											continue;
										}
									} else {
										goto L14;
									}
								}
							} else {
								_v8 = 3;
								E00417300( &_v72);
								_v8 = 2;
								E0040D320();
								_v8 = 1;
								E0040D320();
							}
						} else {
							goto L9;
						}
					}
					L25:
					E00417660(_a4,  &_v52);
					_v112 = _v112 | 0x00000001;
					_v8 = 0;
					E004176E0();
					 *[fs:0x0] = _v16;
					return E0044F6C8(_a4, _t204, _v20 ^ _t281, _t272, _t279, _t280);
				}
				_v8 = 1;
				E0040D320();
				goto L25;
			}















































                                                                                                                                                                                0x004956b0
                                                                                                                                                                                0x004956b0
                                                                                                                                                                                0x004956b0
                                                                                                                                                                                0x004956b0
                                                                                                                                                                                0x004956b3
                                                                                                                                                                                0x004956b5
                                                                                                                                                                                0x004956c0
                                                                                                                                                                                0x004956c7
                                                                                                                                                                                0x004956cc
                                                                                                                                                                                0x004956ce
                                                                                                                                                                                0x004956d1
                                                                                                                                                                                0x004956d5
                                                                                                                                                                                0x004956db
                                                                                                                                                                                0x004956ee
                                                                                                                                                                                0x004956f3
                                                                                                                                                                                0x004956fa
                                                                                                                                                                                0x004956fd
                                                                                                                                                                                0x00495702
                                                                                                                                                                                0x00495709
                                                                                                                                                                                0x0049571d
                                                                                                                                                                                0x00495723
                                                                                                                                                                                0x0049572a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049574f
                                                                                                                                                                                0x00495754
                                                                                                                                                                                0x00495758
                                                                                                                                                                                0x00495760
                                                                                                                                                                                0x00495762
                                                                                                                                                                                0x0049576d
                                                                                                                                                                                0x00495764
                                                                                                                                                                                0x00495764
                                                                                                                                                                                0x00495764
                                                                                                                                                                                0x0049577b
                                                                                                                                                                                0x00495780
                                                                                                                                                                                0x0049578c
                                                                                                                                                                                0x004957b4
                                                                                                                                                                                0x004957b9
                                                                                                                                                                                0x004957bb
                                                                                                                                                                                0x004957be
                                                                                                                                                                                0x004957c2
                                                                                                                                                                                0x004957d3
                                                                                                                                                                                0x004957d3
                                                                                                                                                                                0x004957da
                                                                                                                                                                                0x004957df
                                                                                                                                                                                0x004957e6
                                                                                                                                                                                0x004957eb
                                                                                                                                                                                0x004957f2
                                                                                                                                                                                0x004957c4
                                                                                                                                                                                0x004957c7
                                                                                                                                                                                0x004957cf
                                                                                                                                                                                0x004957d1
                                                                                                                                                                                0x0049580d
                                                                                                                                                                                0x00495813
                                                                                                                                                                                0x00495819
                                                                                                                                                                                0x0049581c
                                                                                                                                                                                0x00495820
                                                                                                                                                                                0x0049584e
                                                                                                                                                                                0x00495853
                                                                                                                                                                                0x0049585f
                                                                                                                                                                                0x0049586f
                                                                                                                                                                                0x00495875
                                                                                                                                                                                0x00495878
                                                                                                                                                                                0x00495889
                                                                                                                                                                                0x00495895
                                                                                                                                                                                0x0049589b
                                                                                                                                                                                0x004958c5
                                                                                                                                                                                0x004958cd
                                                                                                                                                                                0x004958cf
                                                                                                                                                                                0x004958d2
                                                                                                                                                                                0x004958d9
                                                                                                                                                                                0x004958de
                                                                                                                                                                                0x004958e5
                                                                                                                                                                                0x004958ea
                                                                                                                                                                                0x004958ee
                                                                                                                                                                                0x004958ff
                                                                                                                                                                                0x004958ff
                                                                                                                                                                                0x00495906
                                                                                                                                                                                0x0049590b
                                                                                                                                                                                0x00495912
                                                                                                                                                                                0x00495917
                                                                                                                                                                                0x0049591e
                                                                                                                                                                                0x00495923
                                                                                                                                                                                0x0049592a
                                                                                                                                                                                0x004958f0
                                                                                                                                                                                0x004958f3
                                                                                                                                                                                0x004958f8
                                                                                                                                                                                0x004958fb
                                                                                                                                                                                0x004958fd
                                                                                                                                                                                0x00495937
                                                                                                                                                                                0x0049593c
                                                                                                                                                                                0x00495940
                                                                                                                                                                                0x00495945
                                                                                                                                                                                0x00495947
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049594d
                                                                                                                                                                                0x0049595c
                                                                                                                                                                                0x00495985
                                                                                                                                                                                0x00495987
                                                                                                                                                                                0x0049598a
                                                                                                                                                                                0x0049598e
                                                                                                                                                                                0x004959a5
                                                                                                                                                                                0x00495990
                                                                                                                                                                                0x00495993
                                                                                                                                                                                0x0049599b
                                                                                                                                                                                0x0049599d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049599f
                                                                                                                                                                                0x0049599f
                                                                                                                                                                                0x004959a3
                                                                                                                                                                                0x004959ad
                                                                                                                                                                                0x004959b2
                                                                                                                                                                                0x004959be
                                                                                                                                                                                0x004959e5
                                                                                                                                                                                0x004959e7
                                                                                                                                                                                0x004959ed
                                                                                                                                                                                0x004959f5
                                                                                                                                                                                0x004959f7
                                                                                                                                                                                0x00495a01
                                                                                                                                                                                0x00495a01
                                                                                                                                                                                0x00495a0d
                                                                                                                                                                                0x00495a15
                                                                                                                                                                                0x00495a1a
                                                                                                                                                                                0x00495a21
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004959a3
                                                                                                                                                                                0x0049599d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049598e
                                                                                                                                                                                0x00495a2b
                                                                                                                                                                                0x00495a32
                                                                                                                                                                                0x00495a37
                                                                                                                                                                                0x00495a3e
                                                                                                                                                                                0x00495a43
                                                                                                                                                                                0x00495a4a
                                                                                                                                                                                0x00495a4f
                                                                                                                                                                                0x00495a56
                                                                                                                                                                                0x00495a5b
                                                                                                                                                                                0x00495a62
                                                                                                                                                                                0x00495a67
                                                                                                                                                                                0x00495a67
                                                                                                                                                                                0x00495a69
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004958fd
                                                                                                                                                                                0x00495822
                                                                                                                                                                                0x00495822
                                                                                                                                                                                0x00495829
                                                                                                                                                                                0x0049582e
                                                                                                                                                                                0x00495835
                                                                                                                                                                                0x0049583a
                                                                                                                                                                                0x00495841
                                                                                                                                                                                0x00495841
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004957d1
                                                                                                                                                                                0x00495a6f
                                                                                                                                                                                0x00495a76
                                                                                                                                                                                0x00495a81
                                                                                                                                                                                0x00495a84
                                                                                                                                                                                0x00495a8b
                                                                                                                                                                                0x00495a96
                                                                                                                                                                                0x00495aab
                                                                                                                                                                                0x00495aab
                                                                                                                                                                                0x0049573b
                                                                                                                                                                                0x00495742
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • CoCreateInstance.OLE32(0051D91C,00000000,00000001,0051D84C,00000000,00000000,554C9AD9), ref: 0049571D
                                                                                                                                                                                • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00495813
                                                                                                                                                                                  • Part of subcall function 00417300: SysFreeString.OLEAUT32(?), ref: 0041730D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BlanketCreateFreeInstanceProxyString
                                                                                                                                                                                • String ID: SELECT * FROM AntivirusProduct$WQL$displayName
                                                                                                                                                                                • API String ID: 2425965127-1899659945
                                                                                                                                                                                • Opcode ID: a332d31f449aa834fa519dcc36e00519bcd0d3328edff465656ed63dfd833441
                                                                                                                                                                                • Instruction ID: a90a17872c16f0e7047f23e41f78ce943a9bde9899b374faa89ec17282e8318f
                                                                                                                                                                                • Opcode Fuzzy Hash: a332d31f449aa834fa519dcc36e00519bcd0d3328edff465656ed63dfd833441
                                                                                                                                                                                • Instruction Fuzzy Hash: 71C17F70D05248EEDF15EBA5D851BEDBBB0BF14308F60806EE412B71D2DB782A49CB59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00483370, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 139COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                			E00483370(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				intOrPtr _v34;
				intOrPtr _v38;
				intOrPtr _v42;
				intOrPtr _v46;
				intOrPtr _v50;
				intOrPtr _v54;
				char _v56;
				signed int _v57;
				signed int _v64;
				signed int _v68;
				char _v69;
				char _v70;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				signed int _t76;
				void* _t78;
				signed int _t81;
				intOrPtr _t82;
				signed int _t91;
				signed int _t119;
				void* _t123;
				void* _t126;
				signed int _t127;
				void* _t128;
				void* _t130;

				_t126 = __esi;
				_t125 = __edi;
				_t95 = __ebx;
				_push(0xffffffff);
				_push(0x50819f);
				_push( *[fs:0x0]);
				_t70 =  *0x561244; // 0x554c9ad9
				_t71 = _t70 ^ _t127;
				_v28 = _t71;
				_push(_t71);
				 *[fs:0x0] =  &_v16;
				_v80 = __ecx;
				_v76 = 0;
				_v24 = 0;
				_v56 = 0;
				_v54 = 0;
				_v50 = 0;
				_v46 = 0;
				_v42 = 0;
				_v38 = 0;
				_v34 = 0;
				_t116 =  &_v24;
				_push( &_v24);
				_push(0);
				_push(0);
				_push(0);
				_push(0); // executed
				L0044F178(); // executed
				_t75 = E0044FBD9(__ebx,  &_v24, __edi, _v24);
				_t130 = _t128 - 0x44 + 4;
				_v20 = _t75;
				if(_v20 != 0) {
					_push( &_v24);
					_t76 = _v20;
					_push(_t76);
					_push(0);
					_push(0);
					_push(0); // executed
					L0044F178(); // executed
					__eflags = _t76;
					if(__eflags == 0) {
						_v57 = 1;
						_v64 = _v20;
						while(1) {
							__eflags = _v57 & 0x000000ff;
							if((_v57 & 0x000000ff) == 0) {
								break;
							}
							__eflags = _v64;
							if(_v64 != 0) {
								_t119 = _v64;
								__eflags =  *((intOrPtr*)(_t119 + 0x34)) - 6;
								if( *((intOrPtr*)(_t119 + 0x34)) >= 6) {
									_v84 = 6;
								} else {
									_v84 =  *((intOrPtr*)(_v64 + 0x34));
								}
								_v24 = _v84;
								_v68 = 0;
								while(1) {
									__eflags = _v68 - _v24;
									if(_v68 >= _v24) {
										break;
									}
									_t123 = _v64 + _v68;
									__eflags =  *(_t123 + 0x2c) & 0x000000ff;
									if(( *(_t123 + 0x2c) & 0x000000ff) != 0) {
										_v57 = 0;
									}
									wsprintfW(_t127 + (_v68 << 1) * 2 - 0x34, L"%02X",  *(_v64 + _v68 + 0x2c) & 0x000000ff);
									_t130 = _t130 + 0xc;
									_t91 = _v68 + 1;
									__eflags = _t91;
									_v68 = _t91;
								}
								_v64 =  *((intOrPtr*)(_v64 + 8));
								continue;
							}
							break;
						}
						__eflags = _v57 & 0x000000ff;
						if(__eflags != 0) {
							__eflags = 0;
							_v56 = 0;
						}
					}
					_push(_v20);
					E0044FAFC(_t95, _t125, _t126, __eflags);
					_t78 = E00434050( &_v70);
					_t116 =  &_v56;
					E00417910( &_v56, _t78);
					_v8 = 0;
					_t81 = _v76 | 0x00000001;
					__eflags = _t81;
					_v76 = _t81;
					_t82 = _a4;
				} else {
					E004175C0(E00434050( &_v69));
					_v8 = 0;
					_v76 = _v76 | 0x00000001;
					_t82 = _a4;
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t82, _t95, _v28 ^ _t127, _t116, _t125, _t126);
			}






































                                                                                                                                                                                0x00483370
                                                                                                                                                                                0x00483370
                                                                                                                                                                                0x00483370
                                                                                                                                                                                0x00483373
                                                                                                                                                                                0x00483375
                                                                                                                                                                                0x00483380
                                                                                                                                                                                0x00483384
                                                                                                                                                                                0x00483389
                                                                                                                                                                                0x0048338b
                                                                                                                                                                                0x0048338e
                                                                                                                                                                                0x00483392
                                                                                                                                                                                0x00483398
                                                                                                                                                                                0x0048339b
                                                                                                                                                                                0x004833a2
                                                                                                                                                                                0x004833ab
                                                                                                                                                                                0x004833b1
                                                                                                                                                                                0x004833b4
                                                                                                                                                                                0x004833b7
                                                                                                                                                                                0x004833ba
                                                                                                                                                                                0x004833bd
                                                                                                                                                                                0x004833c0
                                                                                                                                                                                0x004833c3
                                                                                                                                                                                0x004833c6
                                                                                                                                                                                0x004833c7
                                                                                                                                                                                0x004833c9
                                                                                                                                                                                0x004833cb
                                                                                                                                                                                0x004833cd
                                                                                                                                                                                0x004833cf
                                                                                                                                                                                0x004833d8
                                                                                                                                                                                0x004833dd
                                                                                                                                                                                0x004833e0
                                                                                                                                                                                0x004833e7
                                                                                                                                                                                0x00483415
                                                                                                                                                                                0x00483416
                                                                                                                                                                                0x00483419
                                                                                                                                                                                0x0048341a
                                                                                                                                                                                0x0048341c
                                                                                                                                                                                0x0048341e
                                                                                                                                                                                0x00483420
                                                                                                                                                                                0x00483425
                                                                                                                                                                                0x00483427
                                                                                                                                                                                0x0048342d
                                                                                                                                                                                0x00483434
                                                                                                                                                                                0x00483442
                                                                                                                                                                                0x00483446
                                                                                                                                                                                0x00483448
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0048344a
                                                                                                                                                                                0x0048344e
                                                                                                                                                                                0x00483450
                                                                                                                                                                                0x00483453
                                                                                                                                                                                0x00483457
                                                                                                                                                                                0x00483464
                                                                                                                                                                                0x00483459
                                                                                                                                                                                0x0048345f
                                                                                                                                                                                0x0048345f
                                                                                                                                                                                0x0048346e
                                                                                                                                                                                0x00483471
                                                                                                                                                                                0x00483483
                                                                                                                                                                                0x00483486
                                                                                                                                                                                0x00483489
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0048348e
                                                                                                                                                                                0x00483495
                                                                                                                                                                                0x00483497
                                                                                                                                                                                0x00483499
                                                                                                                                                                                0x00483499
                                                                                                                                                                                0x004834b7
                                                                                                                                                                                0x004834bd
                                                                                                                                                                                0x0048347d
                                                                                                                                                                                0x0048347d
                                                                                                                                                                                0x00483480
                                                                                                                                                                                0x00483480
                                                                                                                                                                                0x0048343f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0048343f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0048344e
                                                                                                                                                                                0x004834cb
                                                                                                                                                                                0x004834cd
                                                                                                                                                                                0x004834cf
                                                                                                                                                                                0x004834d1
                                                                                                                                                                                0x004834d1
                                                                                                                                                                                0x004834cd
                                                                                                                                                                                0x004834d8
                                                                                                                                                                                0x004834d9
                                                                                                                                                                                0x004834e4
                                                                                                                                                                                0x004834ea
                                                                                                                                                                                0x004834f1
                                                                                                                                                                                0x004834f6
                                                                                                                                                                                0x00483500
                                                                                                                                                                                0x00483500
                                                                                                                                                                                0x00483503
                                                                                                                                                                                0x00483506
                                                                                                                                                                                0x004833e9
                                                                                                                                                                                0x004833f5
                                                                                                                                                                                0x004833fa
                                                                                                                                                                                0x00483407
                                                                                                                                                                                0x0048340a
                                                                                                                                                                                0x0048340a
                                                                                                                                                                                0x0048350c
                                                                                                                                                                                0x00483521

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,00000000), ref: 004833CF
                                                                                                                                                                                • _malloc.LIBCMT ref: 004833D8
                                                                                                                                                                                  • Part of subcall function 0044FBD9: __FF_MSGBANNER.LIBCMT ref: 0044FBFC
                                                                                                                                                                                  • Part of subcall function 0044FBD9: __NMSG_WRITE.LIBCMT ref: 0044FC03
                                                                                                                                                                                  • Part of subcall function 0044FBD9: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C,00457E17), ref: 0044FC50
                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,00000000), ref: 00483420
                                                                                                                                                                                • wsprintfW.USER32 ref: 004834B7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AdaptersAddresses$AllocateHeap_mallocwsprintf
                                                                                                                                                                                • String ID: %02X
                                                                                                                                                                                • API String ID: 1271595815-436463671
                                                                                                                                                                                • Opcode ID: 163b4803e229894fb2b94dd5ba6165cf8eee86857ab82d3f0ddb2f5ee7f10624
                                                                                                                                                                                • Instruction ID: 74c00cfa6e4194ed32f9d88a42d5c1b14a641d40552b31fe4e7540d7c5541a95
                                                                                                                                                                                • Opcode Fuzzy Hash: 163b4803e229894fb2b94dd5ba6165cf8eee86857ab82d3f0ddb2f5ee7f10624
                                                                                                                                                                                • Instruction Fuzzy Hash: 78514B70E04248DFDB08DF99D881BEEBBB1BF48B05F10452EE405A7380D774AA05CB59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00482B50, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 118COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                			E00482B50(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v48;
				void* _v52;
				char _v60;
				char _v128;
				char _v132;
				char _v164;
				char _v192;
				char _v193;
				char _v194;
				signed int _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				char _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				signed int _t57;
				signed int _t58;
				intOrPtr _t62;
				void* _t69;
				signed int _t73;
				intOrPtr _t76;
				signed int _t115;

				_t114 = __esi;
				_t113 = __edi;
				_t86 = __ebx;
				_push(0xffffffff);
				_push(0x50a6fb);
				_push( *[fs:0x0]);
				_t57 =  *0x561244; // 0x554c9ad9
				_t58 = _t57 ^ _t115;
				_v20 = _t58;
				_push(_t58);
				 *[fs:0x0] =  &_v16;
				_v200 = 0;
				E00434E30( &_v60);
				_v8 = 1;
				_t62 = E00482980(__ebx, __edi, __esi, __eflags,  &_v164, "LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E"); // executed
				_v204 = _t62;
				_v208 = _v204;
				_v8 = 2;
				_v212 = _v208;
				if(_v212 == 0) {
					_v216 = 0;
				} else {
					_v216 = _v212 + 4;
				}
				_t111 =  &_v192;
				_v220 = E00409760( &_v192, L"Software\\", _v216);
				_v224 = _v220;
				_v8 = 3;
				E00409810(_v224);
				_v8 = 5;
				E004178C0( &_v192);
				_v8 = 6;
				E004176E0();
				_t69 = E0041EEA0( &_v60, 0x80000001, E00416A30( &_v48), 1); // executed
				if(_t69 != 0) {
					L6:
					E00417910("0", E00434050( &_v194));
					_t73 = _v200 | 0x00000001;
					__eflags = _t73;
					_v200 = _t73;
					_v8 = 1;
					E004176E0();
					_v8 = 0;
					E0041EF60( &_v60);
					_t76 = _a4;
				} else {
					_v132 = 0x20;
					_t111 =  &_v132;
					if(E0041EDE0( &_v60, L"version",  &_v128,  &_v132) != 0) {
						goto L6;
					} else {
						E00417910( &_v128, E00434050( &_v193));
						_t111 = _v200 | 0x00000001;
						_v200 = _v200 | 0x00000001;
						_v8 = 1;
						E004176E0();
						_v8 = 0;
						E0041EF60( &_v60);
						_t76 = _a4;
					}
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t76, _t86, _v20 ^ _t115, _t111, _t113, _t114);
			}





























                                                                                                                                                                                0x00482b50
                                                                                                                                                                                0x00482b50
                                                                                                                                                                                0x00482b50
                                                                                                                                                                                0x00482b53
                                                                                                                                                                                0x00482b55
                                                                                                                                                                                0x00482b60
                                                                                                                                                                                0x00482b67
                                                                                                                                                                                0x00482b6c
                                                                                                                                                                                0x00482b6e
                                                                                                                                                                                0x00482b71
                                                                                                                                                                                0x00482b75
                                                                                                                                                                                0x00482b7b
                                                                                                                                                                                0x00482b88
                                                                                                                                                                                0x00482b8d
                                                                                                                                                                                0x00482ba0
                                                                                                                                                                                0x00482ba8
                                                                                                                                                                                0x00482bb4
                                                                                                                                                                                0x00482bba
                                                                                                                                                                                0x00482bc4
                                                                                                                                                                                0x00482bd1
                                                                                                                                                                                0x00482be4
                                                                                                                                                                                0x00482bd3
                                                                                                                                                                                0x00482bdc
                                                                                                                                                                                0x00482bdc
                                                                                                                                                                                0x00482bfa
                                                                                                                                                                                0x00482c09
                                                                                                                                                                                0x00482c15
                                                                                                                                                                                0x00482c1b
                                                                                                                                                                                0x00482c29
                                                                                                                                                                                0x00482c2e
                                                                                                                                                                                0x00482c38
                                                                                                                                                                                0x00482c3d
                                                                                                                                                                                0x00482c47
                                                                                                                                                                                0x00482c5f
                                                                                                                                                                                0x00482c66
                                                                                                                                                                                0x00482ccc
                                                                                                                                                                                0x00482ce0
                                                                                                                                                                                0x00482ceb
                                                                                                                                                                                0x00482ceb
                                                                                                                                                                                0x00482cee
                                                                                                                                                                                0x00482cf4
                                                                                                                                                                                0x00482cfb
                                                                                                                                                                                0x00482d00
                                                                                                                                                                                0x00482d07
                                                                                                                                                                                0x00482d0c
                                                                                                                                                                                0x00482c68
                                                                                                                                                                                0x00482c68
                                                                                                                                                                                0x00482c6f
                                                                                                                                                                                0x00482c86
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00482c88
                                                                                                                                                                                0x00482c9b
                                                                                                                                                                                0x00482ca6
                                                                                                                                                                                0x00482ca9
                                                                                                                                                                                0x00482caf
                                                                                                                                                                                0x00482cb6
                                                                                                                                                                                0x00482cbb
                                                                                                                                                                                0x00482cc2
                                                                                                                                                                                0x00482cc7
                                                                                                                                                                                0x00482cc7
                                                                                                                                                                                0x00482c86
                                                                                                                                                                                0x00482d12
                                                                                                                                                                                0x00482d27

                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00482B88
                                                                                                                                                                                  • Part of subcall function 00482980: __wsplitpath.LIBCMT ref: 00482A17
                                                                                                                                                                                  • Part of subcall function 00482980: PathAddBackslashW.SHLWAPI(?), ref: 00482A26
                                                                                                                                                                                  • Part of subcall function 00482980: GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00482A43
                                                                                                                                                                                  • Part of subcall function 00482980: _sprintf.LIBCMT ref: 00482A59
                                                                                                                                                                                  • Part of subcall function 00482980: _strlen.LIBCMT ref: 00482A6F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BackslashInformationIterator_baseIterator_base::_PathVolume__wsplitpath_sprintf_strlenstd::_
                                                                                                                                                                                • String ID: $LIpq0hKVkVaLMSLNpdvbwZ1ujeVTM3C6kW4BzYpnFeY3Qs6E$Software\$version
                                                                                                                                                                                • API String ID: 296098145-3287272050
                                                                                                                                                                                • Opcode ID: 2969143413e13fd587d2e85e6ae4f40ac88d2bf3f4d2bfa630b0b94969cf8208
                                                                                                                                                                                • Instruction ID: c9e1c919f2778ae1223114ef198848190ed5c3c8b707527d29b4e5ca660a6d17
                                                                                                                                                                                • Opcode Fuzzy Hash: 2969143413e13fd587d2e85e6ae4f40ac88d2bf3f4d2bfa630b0b94969cf8208
                                                                                                                                                                                • Instruction Fuzzy Hash: 38513A70904258EFEB14EFA5DD51BEDBBB4BF14308F10459EE409A7281EB742A88CF65
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004D6EA0, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 118COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                			E004D6EA0(void* __ebx, void* __edi, void* __esi, void* __eflags, WCHAR* _a4, intOrPtr _a8, char _a12) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v52;
				char _v574;
				short _v576;
				char _v577;
				char _v612;
				char _v613;
				intOrPtr _v620;
				char _v652;
				char _v653;
				intOrPtr _v660;
				signed int _t46;
				signed int _t47;
				signed char _t54;
				intOrPtr _t61;
				short _t63;
				WCHAR* _t65;
				void* _t68;
				signed int _t107;

				_t106 = __esi;
				_t105 = __edi;
				_t75 = __ebx;
				_push(0xffffffff);
				_push(0x509cb9);
				_push( *[fs:0x0]);
				_t46 =  *0x561244; // 0x554c9ad9
				_t47 = _t46 ^ _t107;
				_v20 = _t47;
				_push(_t47);
				 *[fs:0x0] =  &_v16;
				E004175C0(E00434050( &_v577));
				_v8 = 0;
				E00495D00(__ebx, __edi, __esi, 0x10,  &_v52, 1, 1); // executed
				E004130D0( &_v48, L"Methods.txt");
				if(_a12 == 0) {
					_a12 = 0x534fe4;
				}
				_t54 = E0049E7E0( &_v52, 0); // executed
				if((_t54 & 0x000000ff) == 0) {
					L5:
					E00417910(_a12, E00434050( &_v653));
					_v8 = 2;
					_t103 =  &_v652;
					E004181D0(_a8,  &_v652);
					_v8 = 0;
					E004176E0();
					_v660 = E0042E0C0(_a8 + 4);
					_v8 = 0xffffffff;
					E004176E0();
					_t61 = _v660;
				} else {
					_t63 =  *0x534fe8; // 0x0
					_v576 = _t63;
					E00451D90(_t105,  &_v574, 0, 0x206);
					_t65 = E00416A30( &_v48);
					_t15 =  &_a12; // 0x534fe4
					if(GetPrivateProfileStringW(L"babylon", _a4,  *_t15,  &_v576, 0x104, _t65) <= 0) {
						goto L5;
					} else {
						_t68 = E00434050( &_v613);
						_t103 =  &_v576;
						E00417910( &_v576, _t68);
						_v8 = 1;
						E004181D0(_a8,  &_v612);
						_v8 = 0;
						E004176E0();
						_v620 = E0042E0C0(_a8 + 4);
						_v8 = 0xffffffff;
						E004176E0();
						_t61 = _v620;
					}
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t61, _t75, _v20 ^ _t107, _t103, _t105, _t106);
			}

























                                                                                                                                                                                0x004d6ea0
                                                                                                                                                                                0x004d6ea0
                                                                                                                                                                                0x004d6ea0
                                                                                                                                                                                0x004d6ea3
                                                                                                                                                                                0x004d6ea5
                                                                                                                                                                                0x004d6eb0
                                                                                                                                                                                0x004d6eb7
                                                                                                                                                                                0x004d6ebc
                                                                                                                                                                                0x004d6ebe
                                                                                                                                                                                0x004d6ec1
                                                                                                                                                                                0x004d6ec5
                                                                                                                                                                                0x004d6eda
                                                                                                                                                                                0x004d6edf
                                                                                                                                                                                0x004d6ef0
                                                                                                                                                                                0x004d6f00
                                                                                                                                                                                0x004d6f09
                                                                                                                                                                                0x004d6f0b
                                                                                                                                                                                0x004d6f0b
                                                                                                                                                                                0x004d6f18
                                                                                                                                                                                0x004d6f25
                                                                                                                                                                                0x004d6fe2
                                                                                                                                                                                0x004d6ff8
                                                                                                                                                                                0x004d6ffd
                                                                                                                                                                                0x004d7001
                                                                                                                                                                                0x004d700b
                                                                                                                                                                                0x004d7010
                                                                                                                                                                                0x004d701a
                                                                                                                                                                                0x004d702a
                                                                                                                                                                                0x004d7030
                                                                                                                                                                                0x004d703a
                                                                                                                                                                                0x004d703f
                                                                                                                                                                                0x004d6f2b
                                                                                                                                                                                0x004d6f2b
                                                                                                                                                                                0x004d6f31
                                                                                                                                                                                0x004d6f46
                                                                                                                                                                                0x004d6f51
                                                                                                                                                                                0x004d6f63
                                                                                                                                                                                0x004d6f78
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004d6f7a
                                                                                                                                                                                0x004d6f80
                                                                                                                                                                                0x004d6f86
                                                                                                                                                                                0x004d6f93
                                                                                                                                                                                0x004d6f98
                                                                                                                                                                                0x004d6fa6
                                                                                                                                                                                0x004d6fab
                                                                                                                                                                                0x004d6fb5
                                                                                                                                                                                0x004d6fc5
                                                                                                                                                                                0x004d6fcb
                                                                                                                                                                                0x004d6fd5
                                                                                                                                                                                0x004d6fda
                                                                                                                                                                                0x004d6fda
                                                                                                                                                                                0x004d6f78
                                                                                                                                                                                0x004d7048
                                                                                                                                                                                0x004d705d

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00495D00: _memset.LIBCMT ref: 00495D56
                                                                                                                                                                                  • Part of subcall function 00495D00: SHGetFolderPathW.SHELL32(00000000,004CC849,00000000,00000000,?,?,?,554C9AD9), ref: 00495D6F
                                                                                                                                                                                  • Part of subcall function 00495D00: PathAddBackslashW.SHLWAPI(?,?,?,554C9AD9), ref: 00495D93
                                                                                                                                                                                • _memset.LIBCMT ref: 004D6F46
                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32 ref: 004D6F70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path_memset$BackslashFolderPrivateProfileString
                                                                                                                                                                                • String ID: Methods.txt$babylon$OS
                                                                                                                                                                                • API String ID: 3325740732-1399207056
                                                                                                                                                                                • Opcode ID: 7539bb0ab52096b40fd8b1ca8defcbbf36aded353843c6198002741ee193b819
                                                                                                                                                                                • Instruction ID: 98828ad401be4145f9bc075ff7626690436c1c006785f8cac0dd7b97ecea69fe
                                                                                                                                                                                • Opcode Fuzzy Hash: 7539bb0ab52096b40fd8b1ca8defcbbf36aded353843c6198002741ee193b819
                                                                                                                                                                                • Instruction Fuzzy Hash: 44418A70904218ABDB14EF65DC55FEEB774BF04304F00869EF416A7291EF786A88CB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00483240, Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                			E00483240(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
				long _v8;
				signed int _v12;
				short _v14;
				intOrPtr _v18;
				short _v20;
				char _v538;
				short _v540;
				intOrPtr _v544;
				signed int _t17;
				signed int _t42;

				_t40 = __edi;
				_t17 =  *0x561244; // 0x554c9ad9
				_v12 = _t17 ^ _t42;
				_v544 = __ecx;
				_v8 = 0;
				_v540 = 0;
				E00451D90(__edi,  &_v538, 0, 0x206);
				_v20 = 0;
				_v18 = 0;
				_v14 = 0;
				GetSystemDirectoryW( &_v540, 0x104);
				E0045508B( &_v540,  &_v20, 0, 0, 0);
				PathAddBackslashW( &_v20);
				GetVolumeInformationW( &_v20, 0, 0,  &_v8, 0, 0, 0, 0); // executed
				return E0044F6C8(_v8, __ebx, _v12 ^ _t42,  &_v8, _t40, __esi);
			}













                                                                                                                                                                                0x00483240
                                                                                                                                                                                0x00483249
                                                                                                                                                                                0x00483250
                                                                                                                                                                                0x00483253
                                                                                                                                                                                0x00483259
                                                                                                                                                                                0x00483262
                                                                                                                                                                                0x00483277
                                                                                                                                                                                0x00483281
                                                                                                                                                                                0x00483287
                                                                                                                                                                                0x0048328a
                                                                                                                                                                                0x0048329a
                                                                                                                                                                                0x004832b1
                                                                                                                                                                                0x004832bd
                                                                                                                                                                                0x004832d7
                                                                                                                                                                                0x004832ed

                                                                                                                                                                                APIs
                                                                                                                                                                                • _memset.LIBCMT ref: 00483277
                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0048329A
                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 004832B1
                                                                                                                                                                                  • Part of subcall function 0045508B: __wsplitpath_helper.LIBCMT ref: 004550CD
                                                                                                                                                                                • PathAddBackslashW.SHLWAPI(?), ref: 004832BD
                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004832D7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BackslashDirectoryInformationPathSystemVolume__wsplitpath__wsplitpath_helper_memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1689572191-0
                                                                                                                                                                                • Opcode ID: 2722dadde5231e78c0d286f39f3dd65ddbc6d3ea9816a338ea9d09ee777a4c26
                                                                                                                                                                                • Instruction ID: fc4c74856658e11cbbe3bb0a7f27a8096cd90a6f71694732b6bea6d2f2d74394
                                                                                                                                                                                • Opcode Fuzzy Hash: 2722dadde5231e78c0d286f39f3dd65ddbc6d3ea9816a338ea9d09ee777a4c26
                                                                                                                                                                                • Instruction Fuzzy Hash: BC119871A9030CABD710DBA4DC4AFED7378AF18700F504559B605A61D0EB706608CB54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0044FAFC, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 30%
                                                                                                                                                                                			E0044FAFC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x544138);
				_t8 = E00456860(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E004568A5(_t8);
				}
				if( *0x5c41c0 != 3) {
					_push(_t23);
					L7:
					_push(0);
					_t8 = RtlFreeHeap( *0x5bccc0); // executed
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E00454477(_t31);
						 *_t10 = E00454435(GetLastError());
					}
					goto L9;
				}
				E00457DFC(__ebx, 4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E00457E2F(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E00457E5F();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E0044FB52();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}







                                                                                                                                                                                0x0044fafc
                                                                                                                                                                                0x0044fafe
                                                                                                                                                                                0x0044fb03
                                                                                                                                                                                0x0044fb08
                                                                                                                                                                                0x0044fb0d
                                                                                                                                                                                0x0044fb84
                                                                                                                                                                                0x0044fb89
                                                                                                                                                                                0x0044fb89
                                                                                                                                                                                0x0044fb16
                                                                                                                                                                                0x0044fb5b
                                                                                                                                                                                0x0044fb5c
                                                                                                                                                                                0x0044fb5c
                                                                                                                                                                                0x0044fb64
                                                                                                                                                                                0x0044fb6a
                                                                                                                                                                                0x0044fb6c
                                                                                                                                                                                0x0044fb6e
                                                                                                                                                                                0x0044fb81
                                                                                                                                                                                0x0044fb83
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044fb6c
                                                                                                                                                                                0x0044fb1a
                                                                                                                                                                                0x0044fb20
                                                                                                                                                                                0x0044fb25
                                                                                                                                                                                0x0044fb2b
                                                                                                                                                                                0x0044fb30
                                                                                                                                                                                0x0044fb32
                                                                                                                                                                                0x0044fb33
                                                                                                                                                                                0x0044fb34
                                                                                                                                                                                0x0044fb3a
                                                                                                                                                                                0x0044fb3b
                                                                                                                                                                                0x0044fb42
                                                                                                                                                                                0x0044fb4b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044fb4d
                                                                                                                                                                                0x0044fb4d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044fb4d

                                                                                                                                                                                APIs
                                                                                                                                                                                • __lock.LIBCMT ref: 0044FB1A
                                                                                                                                                                                  • Part of subcall function 00457DFC: __mtinitlocknum.LIBCMT ref: 00457E12
                                                                                                                                                                                  • Part of subcall function 00457DFC: __amsg_exit.LIBCMT ref: 00457E1E
                                                                                                                                                                                  • Part of subcall function 00457DFC: EnterCriticalSection.KERNEL32(?,?,?,004574AB,0000000D,00544470,00000008,00451FA2,?,00000000), ref: 00457E26
                                                                                                                                                                                • ___sbh_find_block.LIBCMT ref: 0044FB25
                                                                                                                                                                                • ___sbh_free_block.LIBCMT ref: 0044FB34
                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,00544138,0000000C,004573F1,00000000,?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C), ref: 0044FB64
                                                                                                                                                                                • GetLastError.KERNEL32(?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C,00457E17,?,?,?,004574AB,0000000D), ref: 0044FB75
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2714421763-0
                                                                                                                                                                                • Opcode ID: 6c279857df97adcd3416c356afbc1c3f317e37527fb5748225cca4b9199e88d9
                                                                                                                                                                                • Instruction ID: f78cea26cd6aa1b3e2274e40fd7ff0d3506b0f84db429095f7dfc35530fda498
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c279857df97adcd3416c356afbc1c3f317e37527fb5748225cca4b9199e88d9
                                                                                                                                                                                • Instruction Fuzzy Hash: 5F01D431801301EAEB206BB1DC16B5F3B60EF1172AF50412AF80496192CB3CA98CDA5C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004E74E0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                			E004E74E0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, char* _a4, intOrPtr _a8, char _a12, char _a16, intOrPtr _a20, intOrPtr _a24) {
				signed char _v8;
				signed char _v12;
				signed int _v16;
				char _v540;
				signed int _v544;
				signed char _v548;
				signed char _v552;
				signed char _v556;
				char _v560;
				signed char _v561;
				intOrPtr _v568;
				signed int _v572;
				signed int _t56;
				signed char _t59;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t69;
				intOrPtr _t72;
				intOrPtr _t86;
				signed int _t87;
				void* _t88;
				void* _t89;

				_t86 = __esi;
				_t85 = __edi;
				_t72 = __ebx;
				_t56 =  *0x561244; // 0x554c9ad9
				_v16 = _t56 ^ _t87;
				_v568 = __ecx;
				_v12 = 0;
				_v560 = 0;
				_v544 = 0;
				_v552 = 0;
				_v8 = 0;
				_v548 = 0;
				_v556 = 0;
				_v561 = 0;
				_t82 = _a4;
				_t59 = E004E7470(_v568, 0x80000002, _a4, _a8, 0,  &_v540, 0x104); // executed
				_v561 = _t59;
				if((_v561 & 0x000000ff) != 0) {
					_t82 =  &_v540;
					_t66 = E00452330( &_v560,  &_v540, __edi,  &_v540, ".",  &_v560);
					_t89 = _t88 + 0xc;
					_v12 = _t66;
					while(_v12 != 0) {
						_v544 = _v544 + 1;
						_t81 = _v544;
						_v572 = _v544;
						_v572 = _v572 - 1;
						if(_v572 <= 3) {
							switch( *((intOrPtr*)(_v572 * 4 +  &M004E76BC))) {
								case 0:
									_t81 = _v12;
									_push(_v12);
									_t71 = E004520B8();
									_t89 = _t89 + 4;
									_v552 = _t71;
									goto L9;
								case 1:
									__edx = _v12;
									_push(__edx);
									__eax = E004520B8();
									__esp = __esp + 4;
									_v8 = __eax;
									goto L9;
								case 2:
									__eax = _v12;
									_push(_v12);
									__eax = E004520B8();
									__esp = __esp + 4;
									_v548 = __eax;
									goto L9;
								case 3:
									__ecx = _v12;
									_push(__ecx);
									__eax = E004520B8();
									__esp = __esp + 4;
									_v556 = __eax;
									goto L9;
							}
						}
						L9:
						_t82 =  &_v560;
						_t69 = E00452330(_t81,  &_v560, _t85, 0, ".",  &_v560);
						_t89 = _t89 + 0xc;
						_v12 = _t69;
					}
				}
				_t42 =  &_a12; // 0x537d38
				if(_v552 <=  *_t42) {
					_t44 =  &_a12; // 0x537d38
					if(_v552 !=  *_t44) {
						L21:
						_t62 = 0;
					} else {
						_t82 = _v8;
						_t46 =  &_a16; // 0x537c60
						if(_v8 <=  *_t46) {
							_t48 =  &_a16; // 0x537c60
							if(_v8 !=  *_t48) {
								goto L21;
							} else {
								if(_v548 <= _a20) {
									_t82 = _v548;
									if(_v548 != _a20 || _v556 < _a24) {
										goto L21;
									} else {
										_t62 = 1;
									}
								} else {
									_t62 = 1;
								}
							}
						} else {
							_t62 = 1;
						}
					}
				} else {
					_t62 = 1;
				}
				return E0044F6C8(_t62, _t72, _v16 ^ _t87, _t82, _t85, _t86);
			}

























                                                                                                                                                                                0x004e74e0
                                                                                                                                                                                0x004e74e0
                                                                                                                                                                                0x004e74e0
                                                                                                                                                                                0x004e74e9
                                                                                                                                                                                0x004e74f0
                                                                                                                                                                                0x004e74f3
                                                                                                                                                                                0x004e74f9
                                                                                                                                                                                0x004e7500
                                                                                                                                                                                0x004e750a
                                                                                                                                                                                0x004e7514
                                                                                                                                                                                0x004e751e
                                                                                                                                                                                0x004e7525
                                                                                                                                                                                0x004e752f
                                                                                                                                                                                0x004e7539
                                                                                                                                                                                0x004e7552
                                                                                                                                                                                0x004e7561
                                                                                                                                                                                0x004e7566
                                                                                                                                                                                0x004e7575
                                                                                                                                                                                0x004e7587
                                                                                                                                                                                0x004e758e
                                                                                                                                                                                0x004e7593
                                                                                                                                                                                0x004e7596
                                                                                                                                                                                0x004e7599
                                                                                                                                                                                0x004e75ac
                                                                                                                                                                                0x004e75b2
                                                                                                                                                                                0x004e75b8
                                                                                                                                                                                0x004e75c7
                                                                                                                                                                                0x004e75d4
                                                                                                                                                                                0x004e75dc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e75e3
                                                                                                                                                                                0x004e75e6
                                                                                                                                                                                0x004e75e7
                                                                                                                                                                                0x004e75ec
                                                                                                                                                                                0x004e75ef
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e75f7
                                                                                                                                                                                0x004e75fa
                                                                                                                                                                                0x004e75fb
                                                                                                                                                                                0x004e7600
                                                                                                                                                                                0x004e7603
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e7608
                                                                                                                                                                                0x004e760b
                                                                                                                                                                                0x004e760c
                                                                                                                                                                                0x004e7611
                                                                                                                                                                                0x004e7614
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e761c
                                                                                                                                                                                0x004e761f
                                                                                                                                                                                0x004e7620
                                                                                                                                                                                0x004e7625
                                                                                                                                                                                0x004e7628
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e75dc
                                                                                                                                                                                0x004e762e
                                                                                                                                                                                0x004e762e
                                                                                                                                                                                0x004e763c
                                                                                                                                                                                0x004e7641
                                                                                                                                                                                0x004e7644
                                                                                                                                                                                0x004e7644
                                                                                                                                                                                0x004e7599
                                                                                                                                                                                0x004e7652
                                                                                                                                                                                0x004e7655
                                                                                                                                                                                0x004e7663
                                                                                                                                                                                0x004e7666
                                                                                                                                                                                0x004e76a9
                                                                                                                                                                                0x004e76a9
                                                                                                                                                                                0x004e7668
                                                                                                                                                                                0x004e7668
                                                                                                                                                                                0x004e766b
                                                                                                                                                                                0x004e766e
                                                                                                                                                                                0x004e7679
                                                                                                                                                                                0x004e767c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e767e
                                                                                                                                                                                0x004e7687
                                                                                                                                                                                0x004e768f
                                                                                                                                                                                0x004e7698
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e76a5
                                                                                                                                                                                0x004e76a5
                                                                                                                                                                                0x004e76a5
                                                                                                                                                                                0x004e7689
                                                                                                                                                                                0x004e7689
                                                                                                                                                                                0x004e7689
                                                                                                                                                                                0x004e7687
                                                                                                                                                                                0x004e7670
                                                                                                                                                                                0x004e7670
                                                                                                                                                                                0x004e7670
                                                                                                                                                                                0x004e766e
                                                                                                                                                                                0x004e7657
                                                                                                                                                                                0x004e7657
                                                                                                                                                                                0x004e7657
                                                                                                                                                                                0x004e76b8

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004E7470: RegOpenKeyExW.KERNEL32(?,00000104,00000000,00020019,00000104,?,00000104), ref: 004E748C
                                                                                                                                                                                • _wcstok_s.LIBCMT ref: 004E758E
                                                                                                                                                                                • _wcstok_s.LIBCMT ref: 004E763C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcstok_s$Open
                                                                                                                                                                                • String ID: 8}S$`|S8}S
                                                                                                                                                                                • API String ID: 3879386483-3606869655
                                                                                                                                                                                • Opcode ID: 9728a3ff92e0f71e6a12aea6d5b08f99367a5ec3e5b93e39bb7426e85638d084
                                                                                                                                                                                • Instruction ID: a2f9222925fe8830c8f0cba5c2e6d96b03c4d239ebe84c64fdbbe26eb1bda9d0
                                                                                                                                                                                • Opcode Fuzzy Hash: 9728a3ff92e0f71e6a12aea6d5b08f99367a5ec3e5b93e39bb7426e85638d084
                                                                                                                                                                                • Instruction Fuzzy Hash: 525190B0D04259EBCB20DFA5E889BDEB770AB54325F2041DAE4096B241D738AF85CF59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00432780, Relevance: 6.2, APIs: 4, Instructions: 155COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E00432780(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v21;
				char _v28;
				char _v32;
				char _v33;
				char _v40;
				char _v41;
				char _v48;
				char _v49;
				intOrPtr _v56;
				intOrPtr _v60;
				char* _t66;
				void* _t72;
				void* _t86;
				void* _t95;
				void* _t96;
				intOrPtr* _t98;
				intOrPtr* _t101;
				void* _t142;
				void* _t143;
				void* _t147;

				_v56 = __ecx;
				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
				_v12 =  *((intOrPtr*)(_v56 + 4));
				_v5 = 1;
				while(1) {
					_t66 = E004271F0(_v16);
					_t143 = _t142 + 4;
					_t149 =  *_t66;
					if( *_t66 != 0) {
						break;
					}
					_v12 = _v16;
					_t95 = E00436060(_t149, _v16);
					_t96 = E00415110(_a8);
					_t147 = _t143 + 8;
					_v5 = E0041CC50(_v56, _t96, _t95);
					if((_v5 & 0x000000ff) == 0) {
						_t98 = E00441910(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t98;
					} else {
						_t101 = E00415110(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t101;
					}
					_v16 = _v60;
				}
				__eflags = 0;
				if(0 == 0) {
					E00445360( &_v20, _v12);
					__eflags = _v5 & 0x000000ff;
					if(__eflags != 0) {
						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
						if(__eflags == 0) {
							E004339F0( &_v20);
							L13:
							_t72 = E00415110(_a8);
							__eflags = E0041CC50(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
							if(__eflags == 0) {
								_v49 = 0;
								E00445E50(_a4,  &_v20,  &_v49);
								return _a4;
							}
							_v41 = 1;
							E00445E50(_a4, E00433210(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
							return _a4;
						}
						_v33 = 1;
						_t86 = E00433210(_v56, __eflags,  &_v40, 1, _v12, _a8); // executed
						E00445E50(_a4, _t86,  &_v33);
						return _a4;
					}
					goto L13;
				}
				_v21 = 1;
				E00445E50(_a4, E00433210(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
				return _a4;
			}



























                                                                                                                                                                                0x00432786
                                                                                                                                                                                0x00432793
                                                                                                                                                                                0x0043279c
                                                                                                                                                                                0x0043279f
                                                                                                                                                                                0x004327a3
                                                                                                                                                                                0x004327a7
                                                                                                                                                                                0x004327ac
                                                                                                                                                                                0x004327b2
                                                                                                                                                                                0x004327b4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004327b9
                                                                                                                                                                                0x004327c0
                                                                                                                                                                                0x004327cd
                                                                                                                                                                                0x004327d2
                                                                                                                                                                                0x004327de
                                                                                                                                                                                0x004327e7
                                                                                                                                                                                0x00432800
                                                                                                                                                                                0x00432805
                                                                                                                                                                                0x0043280a
                                                                                                                                                                                0x004327e9
                                                                                                                                                                                0x004327ed
                                                                                                                                                                                0x004327f2
                                                                                                                                                                                0x004327f7
                                                                                                                                                                                0x004327f7
                                                                                                                                                                                0x00432810
                                                                                                                                                                                0x00432810
                                                                                                                                                                                0x00432815
                                                                                                                                                                                0x00432817
                                                                                                                                                                                0x00432857
                                                                                                                                                                                0x00432860
                                                                                                                                                                                0x00432862
                                                                                                                                                                                0x0043287e
                                                                                                                                                                                0x00432880
                                                                                                                                                                                0x004328b6
                                                                                                                                                                                0x004328bb
                                                                                                                                                                                0x004328bf
                                                                                                                                                                                0x004328e5
                                                                                                                                                                                0x004328e7
                                                                                                                                                                                0x0043291a
                                                                                                                                                                                0x00432929
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0043292e
                                                                                                                                                                                0x004328e9
                                                                                                                                                                                0x0043290e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00432913
                                                                                                                                                                                0x00432882
                                                                                                                                                                                0x0043289b
                                                                                                                                                                                0x004328a4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004328a9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00432864
                                                                                                                                                                                0x00432819
                                                                                                                                                                                0x0043283e
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cnd_initHandlestd::_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3964502784-0
                                                                                                                                                                                • Opcode ID: 5d37febb28f98a8308b52f095ed27f37d055d98d8eaa870f6995a1773317b94f
                                                                                                                                                                                • Instruction ID: 7f02a2f273940e8c15b7f1e878ab3f7c789518f2149d08669c4bd01c7883c5cd
                                                                                                                                                                                • Opcode Fuzzy Hash: 5d37febb28f98a8308b52f095ed27f37d055d98d8eaa870f6995a1773317b94f
                                                                                                                                                                                • Instruction Fuzzy Hash: 425171B5D04108BFDB08DFD5D891AEF77B9AF48304F10805EF415A7252DB38AA05CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00495D00, Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                			E00495D00(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, signed int _a4, intOrPtr _a8, signed char _a12, signed char _a16) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v542;
				short _v544;
				intOrPtr _v548;
				char _v580;
				char _v581;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				intOrPtr _t45;
				intOrPtr _t63;
				intOrPtr _t64;
				signed int _t65;

				_t64 = __esi;
				_t63 = __edi;
				_t45 = __ebx;
				_push(0xffffffff);
				_push(0x508544);
				_push( *[fs:0x0]);
				_t28 =  *0x561244; // 0x554c9ad9
				_t29 = _t28 ^ _t65;
				_v20 = _t29;
				_push(_t29);
				 *[fs:0x0] =  &_v16;
				if((_a16 & 0x000000ff) != 0) {
					_a4 = _a4 | 0x00008000;
				}
				_v544 = 0;
				_t33 = E00451D90(_t63,  &_v542, 0, 0x206);
				_t62 = _a4;
				__imp__SHGetFolderPathW(0, _a4, 0, 0,  &_v544); // executed
				_v548 = _t33;
				if(_v548 != 0) {
					E00417A20(_t45, _a8 + 4, _t63, _t64, 0, 0xffffffff);
				} else {
					if((_a12 & 0x000000ff) == 0) {
						_t62 =  &_v544;
						PathRemoveBackslashW( &_v544);
					} else {
						PathAddBackslashW( &_v544);
					}
					E00417910( &_v544, E00434050( &_v581));
					_v8 = 0;
					E004181D0(_a8,  &_v580);
					_v8 = 0xffffffff;
					E004176E0();
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_v548, _t45, _v20 ^ _t65, _t62, _t63, _t64);
			}


















                                                                                                                                                                                0x00495d00
                                                                                                                                                                                0x00495d00
                                                                                                                                                                                0x00495d00
                                                                                                                                                                                0x00495d03
                                                                                                                                                                                0x00495d05
                                                                                                                                                                                0x00495d10
                                                                                                                                                                                0x00495d17
                                                                                                                                                                                0x00495d1c
                                                                                                                                                                                0x00495d1e
                                                                                                                                                                                0x00495d21
                                                                                                                                                                                0x00495d25
                                                                                                                                                                                0x00495d31
                                                                                                                                                                                0x00495d3c
                                                                                                                                                                                0x00495d3c
                                                                                                                                                                                0x00495d41
                                                                                                                                                                                0x00495d56
                                                                                                                                                                                0x00495d69
                                                                                                                                                                                0x00495d6f
                                                                                                                                                                                0x00495d75
                                                                                                                                                                                0x00495d82
                                                                                                                                                                                0x00495dfa
                                                                                                                                                                                0x00495d84
                                                                                                                                                                                0x00495d8a
                                                                                                                                                                                0x00495d9b
                                                                                                                                                                                0x00495da2
                                                                                                                                                                                0x00495d8c
                                                                                                                                                                                0x00495d93
                                                                                                                                                                                0x00495d93
                                                                                                                                                                                0x00495dc1
                                                                                                                                                                                0x00495dc6
                                                                                                                                                                                0x00495dd7
                                                                                                                                                                                0x00495ddc
                                                                                                                                                                                0x00495de9
                                                                                                                                                                                0x00495de9
                                                                                                                                                                                0x00495e08
                                                                                                                                                                                0x00495e1d

                                                                                                                                                                                APIs
                                                                                                                                                                                • _memset.LIBCMT ref: 00495D56
                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,004CC849,00000000,00000000,?,?,?,554C9AD9), ref: 00495D6F
                                                                                                                                                                                • PathAddBackslashW.SHLWAPI(?,?,?,554C9AD9), ref: 00495D93
                                                                                                                                                                                • PathRemoveBackslashW.SHLWAPI(?,?,?,554C9AD9), ref: 00495DA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path$Backslash$FolderRemove_memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3929315810-0
                                                                                                                                                                                • Opcode ID: 6217d09dcd8f07fb1b63cd95b7a9c497dee597809249df14b43c8a21f599614a
                                                                                                                                                                                • Instruction ID: 86fe7a635caa72a0efe5caebca3a345e7fb4d4f12f3475407d8bad049a1c2fa8
                                                                                                                                                                                • Opcode Fuzzy Hash: 6217d09dcd8f07fb1b63cd95b7a9c497dee597809249df14b43c8a21f599614a
                                                                                                                                                                                • Instruction Fuzzy Hash: 9031BF7094421CABDB14DF60DC59BEEB774FB14310F5082AAF91AA72C1DB78AA44CF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004E7470, Relevance: 6.0, APIs: 4, Instructions: 43registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004E7470(intOrPtr __ecx, void* _a4, short* _a8, short* _a12, int _a16, char* _a20, int _a24) {
				void* _v8;
				intOrPtr _v12;
				long _t13;
				long _t16;

				_v12 = __ecx;
				_t13 = RegOpenKeyExW(_a4, _a8, 0, 0x20019,  &_v8); // executed
				if(_t13 == 0) {
					_t16 = RegQueryValueExW(_v8, _a12, 0,  &_a16, _a20,  &_a24); // executed
					if(_t16 == 0) {
						RegCloseKey(_v8);
						return 1;
					}
					RegCloseKey(_v8);
					return 0;
				}
				return 0;
			}







                                                                                                                                                                                0x004e7476
                                                                                                                                                                                0x004e748c
                                                                                                                                                                                0x004e7494
                                                                                                                                                                                0x004e74b0
                                                                                                                                                                                0x004e74b8
                                                                                                                                                                                0x004e74cc
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e74d2
                                                                                                                                                                                0x004e74be
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004e74c4
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(?,00000104,00000000,00020019,00000104,?,00000104), ref: 004E748C
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(?,00000000,00000000,?,?,?), ref: 004E74B0
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004E74BE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                • Opcode ID: 74fe9954f2e3551657335ec8724b267966786377028bdac5330b8d3bf33c2527
                                                                                                                                                                                • Instruction ID: 76fb4871da12695b8ab536f07709f3c59ad994e195b5bc8f38fb2a09462755e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 74fe9954f2e3551657335ec8724b267966786377028bdac5330b8d3bf33c2527
                                                                                                                                                                                • Instruction Fuzzy Hash: E0012C7560420CFBDB00DFA5D849EEB7B7CAB48701F108549FA1597281D634DA09EBA0
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00433110, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E00433110(intOrPtr __ecx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr* _t21;

				_push(__ecx);
				_v8 = __ecx;
				E00433190(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8)))); // executed
				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
				 *((intOrPtr*)(_v8 + 8)) = 0;
				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
				_t21 = E00433720(_v8);
				 *_t21 =  *((intOrPtr*)(_v8 + 4));
				return _t21;
			}





                                                                                                                                                                                0x00433113
                                                                                                                                                                                0x00433114
                                                                                                                                                                                0x00433125
                                                                                                                                                                                0x00433138
                                                                                                                                                                                0x0043313d
                                                                                                                                                                                0x00433152
                                                                                                                                                                                0x00433157
                                                                                                                                                                                0x00433162
                                                                                                                                                                                0x00433167

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2519475695-0
                                                                                                                                                                                • Opcode ID: 65b7eaa97be12373fd54e7420ed281a64986922b202126f24e156f9667a216b2
                                                                                                                                                                                • Instruction ID: 635f2393350e1471a32329ed3b593f6587da4dc9454c402d12225df5114d51ca
                                                                                                                                                                                • Opcode Fuzzy Hash: 65b7eaa97be12373fd54e7420ed281a64986922b202126f24e156f9667a216b2
                                                                                                                                                                                • Instruction Fuzzy Hash: 2EF03974A00108EFCB08DF95D69295DB7F5AF89308B2181ADD4095B365DB35AF01DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00451EC5, Relevance: 6.0, APIs: 4, Instructions: 19threadCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E00451EC5(long _a4) {
				void* _t6;
				void* _t9;
				void* _t10;

				_t11 =  *0x51d710;
				if( *0x51d710 != 0 && E0045B680(_t11, 0x51d710) != 0) {
					 *0x51d710();
				}
				if(E00457387(_t6) != 0) {
					E00457549(_t6, _t9, _t10, _t2); // executed
				}
				ExitThread(_a4);
			}






                                                                                                                                                                                0x00451eca
                                                                                                                                                                                0x00451ed1
                                                                                                                                                                                0x00451ee2
                                                                                                                                                                                0x00451ee2
                                                                                                                                                                                0x00451eef
                                                                                                                                                                                0x00451ef2
                                                                                                                                                                                0x00451ef7
                                                                                                                                                                                0x00451efb

                                                                                                                                                                                APIs
                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00451ED8
                                                                                                                                                                                  • Part of subcall function 0045B680: __FindPESection.LIBCMT ref: 0045B6DB
                                                                                                                                                                                • __getptd_noexit.LIBCMT ref: 00451EE8
                                                                                                                                                                                • __freeptd.LIBCMT ref: 00451EF2
                                                                                                                                                                                • ExitThread.KERNEL32 ref: 00451EFB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3182216644-0
                                                                                                                                                                                • Opcode ID: 45c0064a665edcd0f35b4145ff4f6929edeaa6cdf4a60e7216190a0d6abc93e0
                                                                                                                                                                                • Instruction ID: f95b2b2071df862fdbd7455a2c00a2e548bf6b304d09f826b41b5fb9907c16d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 45c0064a665edcd0f35b4145ff4f6929edeaa6cdf4a60e7216190a0d6abc93e0
                                                                                                                                                                                • Instruction Fuzzy Hash: 65D012211402155AD71127A6EC4FB6B3AA9EB50357B044A26BC11815F3DF78C88CD579
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004D2C30, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                			E004D2C30(intOrPtr __ebx, void* __ecx, intOrPtr __edi, intOrPtr __esi, void* __eflags, signed int _a4, intOrPtr _a8) {
				WCHAR* _v8;
				char _v16;
				WCHAR* _v20;
				signed int _v24;
				char _v542;
				short _v544;
				char _v576;
				char _v577;
				char _v608;
				WCHAR* _v612;
				intOrPtr _v616;
				intOrPtr _v620;
				signed int _t46;
				signed int _t47;
				WCHAR* _t55;
				signed char _t62;
				short _t66;
				signed int _t117;

				_t116 = __esi;
				_t115 = __edi;
				_t77 = __ebx;
				_push(0xffffffff);
				_push(0x50dedf);
				_push( *[fs:0x0]);
				_t46 =  *0x561244; // 0x554c9ad9
				_t47 = _t46 ^ _t117;
				_v24 = _t47;
				_push(_t47);
				 *[fs:0x0] =  &_v16;
				_v20 = 0;
				E004160E0(E004D1B70(__ecx, 2), _a4, 1);
				if((E00416630(_a4 + 4) & 0x000000ff) == 0) {
					_t55 = E004D22E0(__ebx, __edi, __esi, 0); // executed
					_v20 = _t55;
					if(_a8 != 0) {
						if(( *(E004051D0(__ebx, _a4 + 4, __edi, __esi, 0)) & 0x0000ffff) != 0x2a) {
							__eflags = _a4;
							if(_a4 == 0) {
								_v612 = 0;
							} else {
								_v612 = _a4 + 4;
							}
							_v616 = E00409760( &_v608, _a8, _v612);
							_v620 = _v616;
							_v8 = 1;
							E00409880(_a4, __eflags, _v620);
							_v8 = 0xffffffff;
							E004178C0( &_v608);
							_t110 = _a4;
							_t62 = E0049E7E0(_a4, 0); // executed
							__eflags = _t62 & 0x000000ff;
							if((_t62 & 0x000000ff) == 0) {
								__eflags = _a4 + 4;
								E00405140(_a4 + 4);
							}
						} else {
							_t66 =  *0x5346b4; // 0x0
							_v544 = _t66;
							E00451D90(__edi,  &_v542, 0, 0x206);
							E00417A20(__ebx, _a4 + 4, _t115, __esi, 0, 1);
							_t110 =  &_v544;
							if(SearchPathW(0, E00416A30(_a4 + 4), 0, 0x104,  &_v544, 0) == 0) {
								__eflags = _a4 + 4;
								E00405140(_a4 + 4);
							} else {
								E00417910( &_v544, E00434050( &_v577));
								_v8 = 0;
								E004181D0(_a4,  &_v576);
								_v8 = 0xffffffff;
								E004176E0();
							}
						}
						if((E00416630(_a4 + 4) & 0x000000ff) != 0) {
							_v20 = 0;
						}
					}
				}
				 *[fs:0x0] = _v16;
				_t44 =  &_v24; // 0x4d2f4a
				return E0044F6C8(_v20, _t77,  *_t44 ^ _t117, _t110, _t115, _t116);
			}





















                                                                                                                                                                                0x004d2c30
                                                                                                                                                                                0x004d2c30
                                                                                                                                                                                0x004d2c30
                                                                                                                                                                                0x004d2c33
                                                                                                                                                                                0x004d2c35
                                                                                                                                                                                0x004d2c40
                                                                                                                                                                                0x004d2c47
                                                                                                                                                                                0x004d2c4c
                                                                                                                                                                                0x004d2c4e
                                                                                                                                                                                0x004d2c51
                                                                                                                                                                                0x004d2c55
                                                                                                                                                                                0x004d2c5b
                                                                                                                                                                                0x004d2c74
                                                                                                                                                                                0x004d2c89
                                                                                                                                                                                0x004d2c91
                                                                                                                                                                                0x004d2c99
                                                                                                                                                                                0x004d2ca0
                                                                                                                                                                                0x004d2cb9
                                                                                                                                                                                0x004d2d71
                                                                                                                                                                                0x004d2d75
                                                                                                                                                                                0x004d2d85
                                                                                                                                                                                0x004d2d77
                                                                                                                                                                                0x004d2d7d
                                                                                                                                                                                0x004d2d7d
                                                                                                                                                                                0x004d2da9
                                                                                                                                                                                0x004d2db5
                                                                                                                                                                                0x004d2dbb
                                                                                                                                                                                0x004d2dcc
                                                                                                                                                                                0x004d2dd1
                                                                                                                                                                                0x004d2dde
                                                                                                                                                                                0x004d2de5
                                                                                                                                                                                0x004d2de9
                                                                                                                                                                                0x004d2df4
                                                                                                                                                                                0x004d2df6
                                                                                                                                                                                0x004d2dfb
                                                                                                                                                                                0x004d2dfe
                                                                                                                                                                                0x004d2dfe
                                                                                                                                                                                0x004d2cbf
                                                                                                                                                                                0x004d2cbf
                                                                                                                                                                                0x004d2cc5
                                                                                                                                                                                0x004d2cda
                                                                                                                                                                                0x004d2cec
                                                                                                                                                                                0x004d2cf3
                                                                                                                                                                                0x004d2d17
                                                                                                                                                                                0x004d2d64
                                                                                                                                                                                0x004d2d67
                                                                                                                                                                                0x004d2d19
                                                                                                                                                                                0x004d2d32
                                                                                                                                                                                0x004d2d37
                                                                                                                                                                                0x004d2d48
                                                                                                                                                                                0x004d2d4d
                                                                                                                                                                                0x004d2d5a
                                                                                                                                                                                0x004d2d5a
                                                                                                                                                                                0x004d2d6c
                                                                                                                                                                                0x004d2e13
                                                                                                                                                                                0x004d2e15
                                                                                                                                                                                0x004d2e15
                                                                                                                                                                                0x004d2e13
                                                                                                                                                                                0x004d2ca0
                                                                                                                                                                                0x004d2e22
                                                                                                                                                                                0x004d2e2a
                                                                                                                                                                                0x004d2e37

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004D22E0: _memset.LIBCMT ref: 004D23BC
                                                                                                                                                                                  • Part of subcall function 004D22E0: GetPrivateProfileStringW.KERNEL32 ref: 004D23E8
                                                                                                                                                                                • _memset.LIBCMT ref: 004D2CDA
                                                                                                                                                                                • SearchPathW.KERNEL32(00000000,00000000,00000000,00000104,?,00000000,00000000,00000001,?,?,00000000,?,554C9AD9), ref: 004D2D0F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memset$PathPrivateProfileSearchString
                                                                                                                                                                                • String ID: J/M
                                                                                                                                                                                • API String ID: 582612538-2554188868
                                                                                                                                                                                • Opcode ID: 73c51ff33ac276d579cb13ff9ac702313c91854a9ab6227103b72e2bd1c6a274
                                                                                                                                                                                • Instruction ID: 4692963f7d416df05ce02a8c07cd532fa1bfbc1300a29e1f714706a3fff324ba
                                                                                                                                                                                • Opcode Fuzzy Hash: 73c51ff33ac276d579cb13ff9ac702313c91854a9ab6227103b72e2bd1c6a274
                                                                                                                                                                                • Instruction Fuzzy Hash: AA519470A00218ABEB14EF55CD65BEE7774EF54308F10416EF50A6B3C1DB78AA84CB99
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004953B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                			E004953B0(void* __eflags) {
				char _v8;
				char _v16;
				char _v24;
				char _v28;
				char _v29;
				char _v30;
				signed int _t19;
				intOrPtr _t26;
				void* _t27;
				void* _t28;
				signed int _t38;

				_push(0xffffffff);
				_push(0x5059f3);
				_push( *[fs:0x0]);
				_t19 =  *0x561244; // 0x554c9ad9
				_push(_t19 ^ _t38);
				 *[fs:0x0] =  &_v16;
				E00434E30( &_v24);
				_v8 = 0;
				if((E00494F20(__eflags) & 0x000000ff) == 0) {
					L5:
					_v30 = 0;
					_v8 = 0xffffffff;
					E0041EF60( &_v24);
					_t26 = _v30;
				} else {
					_t27 = E0041EEA0( &_v24, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0x20019); // executed
					if(_t27 != 0) {
						goto L5;
					} else {
						_v28 = 0;
						_t28 = E00429BB0( &_v24, L"EnableLUA",  &_v28); // executed
						if(_t28 != 0 || _v28 != 1) {
							goto L5;
						} else {
							_v29 = 1;
							_v8 = 0xffffffff;
							E0041EF60( &_v24);
							_t26 = _v29;
						}
					}
				}
				 *[fs:0x0] = _v16;
				return _t26;
			}














                                                                                                                                                                                0x004953b3
                                                                                                                                                                                0x004953b5
                                                                                                                                                                                0x004953c0
                                                                                                                                                                                0x004953c4
                                                                                                                                                                                0x004953cb
                                                                                                                                                                                0x004953cf
                                                                                                                                                                                0x004953d8
                                                                                                                                                                                0x004953dd
                                                                                                                                                                                0x004953ee
                                                                                                                                                                                0x00495445
                                                                                                                                                                                0x00495445
                                                                                                                                                                                0x00495449
                                                                                                                                                                                0x00495453
                                                                                                                                                                                0x00495458
                                                                                                                                                                                0x004953f0
                                                                                                                                                                                0x00495402
                                                                                                                                                                                0x00495409
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049540b
                                                                                                                                                                                0x0049540b
                                                                                                                                                                                0x0049541e
                                                                                                                                                                                0x00495425
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049542d
                                                                                                                                                                                0x0049542d
                                                                                                                                                                                0x00495431
                                                                                                                                                                                0x0049543b
                                                                                                                                                                                0x00495440
                                                                                                                                                                                0x00495440
                                                                                                                                                                                0x00495425
                                                                                                                                                                                0x00495409
                                                                                                                                                                                0x0049545e
                                                                                                                                                                                0x00495469

                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004953D8
                                                                                                                                                                                  • Part of subcall function 0041EEA0: RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                                                  • Part of subcall function 00429BB0: RegQueryValueExW.KERNEL32(554C9AD9,00000004,00000000,554C9AD9,?,00000004,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System), ref: 00429BE0
                                                                                                                                                                                Strings
                                                                                                                                                                                • EnableLUA, xrefs: 00495416
                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 004953F5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Iterator_baseIterator_base::_OpenQueryValuestd::_
                                                                                                                                                                                • String ID: EnableLUA$Software\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                                                                                                • API String ID: 396298244-2158134279
                                                                                                                                                                                • Opcode ID: e8424a432b09796e039caeee3fd81409fe03dcfc1f841f83dfc53752b70cbb59
                                                                                                                                                                                • Instruction ID: 29ad32eb1deafc1a9237aec2643cf2849c09354840a95a285363a7d82d27e06b
                                                                                                                                                                                • Opcode Fuzzy Hash: e8424a432b09796e039caeee3fd81409fe03dcfc1f841f83dfc53752b70cbb59
                                                                                                                                                                                • Instruction Fuzzy Hash: CB11D03090064ADBCF01DFA1D902BFFBFB4EB14319F20026EE811622C1EB785A05C796
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0044F76F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                			E0044F76F(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				char _v16;
				void* _t11;
				signed int _t12;
				intOrPtr* _t16;
				void* _t19;
				void* _t25;
				void* _t26;

				_t26 = __edi;
				_t19 = __ebx;
				while(1) {
					_t11 = E0044FBD9(_t19, _t25, _t26, _a4); // executed
					if(_t11 != 0) {
						break;
					}
					_t12 = E00456FFC(_a4);
					__eflags = _t12;
					if(_t12 == 0) {
						__eflags =  *0x5bc914 & 0x00000001;
						if(( *0x5bc914 & 0x00000001) == 0) {
							 *0x5bc914 =  *0x5bc914 | 0x00000001;
							__eflags =  *0x5bc914;
							E0044F754(0x5bc908);
							E0044FAE5( *0x5bc914, 0x51a041);
						}
						E00417C20(0x5bc908);
						E00456A4C( &_v16, 0x544b88);
						asm("int3");
						_t16 =  &_v16;
						 *(_t16 + 4) =  *(_t16 + 4) & 0x00000000;
						_t9 = _t16 + 8;
						 *_t9 =  *(_t16 + 8) & 0x00000000;
						__eflags =  *_t9;
						 *_t16 = 0x51bc00;
						return _t16;
					} else {
						continue;
					}
					L8:
				}
				return _t11;
				goto L8;
			}










                                                                                                                                                                                0x0044f76f
                                                                                                                                                                                0x0044f76f
                                                                                                                                                                                0x0044f786
                                                                                                                                                                                0x0044f789
                                                                                                                                                                                0x0044f791
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f77c
                                                                                                                                                                                0x0044f782
                                                                                                                                                                                0x0044f784
                                                                                                                                                                                0x0044f795
                                                                                                                                                                                0x0044f7a1
                                                                                                                                                                                0x0044f7a3
                                                                                                                                                                                0x0044f7a3
                                                                                                                                                                                0x0044f7ac
                                                                                                                                                                                0x0044f7b6
                                                                                                                                                                                0x0044f7bb
                                                                                                                                                                                0x0044f7c0
                                                                                                                                                                                0x0044f7ce
                                                                                                                                                                                0x0044f7d3
                                                                                                                                                                                0x0044f7d4
                                                                                                                                                                                0x0044f7d6
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7de
                                                                                                                                                                                0x0044f7e4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f784
                                                                                                                                                                                0x0044f794
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • _malloc.LIBCMT ref: 0044F789
                                                                                                                                                                                  • Part of subcall function 0044FBD9: __FF_MSGBANNER.LIBCMT ref: 0044FBFC
                                                                                                                                                                                  • Part of subcall function 0044FBD9: __NMSG_WRITE.LIBCMT ref: 0044FC03
                                                                                                                                                                                  • Part of subcall function 0044FBD9: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00457755,?,00000001,?,?,00457D86,00000018,005444D8,0000000C,00457E17), ref: 0044FC50
                                                                                                                                                                                • std::bad_alloc::bad_alloc.LIBCMT ref: 0044F7AC
                                                                                                                                                                                  • Part of subcall function 0044F754: std::exception::exception.LIBCMT ref: 0044F760
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap_mallocstd::bad_alloc::bad_allocstd::exception::exception
                                                                                                                                                                                • String ID: Pyr
                                                                                                                                                                                • API String ID: 3447465555-3752401018
                                                                                                                                                                                • Opcode ID: 0054d67c207d4c7568505f88fa2829a4319c9a7d50decf1bb6392ddf8cc42fb3
                                                                                                                                                                                • Instruction ID: a2ac23eca041f9d271ebf24056ea33b4297bb616494d032b84d1e5c4886cc8d0
                                                                                                                                                                                • Opcode Fuzzy Hash: 0054d67c207d4c7568505f88fa2829a4319c9a7d50decf1bb6392ddf8cc42fb3
                                                                                                                                                                                • Instruction Fuzzy Hash: D7F0823190120566FB046722EC17A9A3FA89B4535CB10403FFC0595592DE6DBA4D929D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0049E5B0, Relevance: 4.5, APIs: 3, Instructions: 33fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                			E0049E5B0(void* __ecx, intOrPtr _a4, signed char _a8) {
				long _v8;
				int _t9;

				_push(__ecx);
				if((_a8 & 0x000000ff) != 0) {
					SetFileAttributesW(E00416A30(_a4 + 4), 0x80);
				}
				_t9 = DeleteFileW(E00416A30(_a4 + 4)); // executed
				if(_t9 != 0) {
					return 1;
				} else {
					_v8 = GetLastError();
					if(_v8 == 2 || _v8 == 3) {
						return 1;
					} else {
						return 0;
					}
				}
			}





                                                                                                                                                                                0x0049e5b3
                                                                                                                                                                                0x0049e5ba
                                                                                                                                                                                0x0049e5cd
                                                                                                                                                                                0x0049e5cd
                                                                                                                                                                                0x0049e5df
                                                                                                                                                                                0x0049e5e7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049e5e9
                                                                                                                                                                                0x0049e5ef
                                                                                                                                                                                0x0049e5f6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049e602
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049e602
                                                                                                                                                                                0x0049e5f6

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,004F721A,?,00000000,bab_tmp_web.html,00000000,00000000,00000000,554C9AD9), ref: 0049E5CD
                                                                                                                                                                                • DeleteFileW.KERNEL32(00000000,?,?,004F721A,?,00000000,bab_tmp_web.html,00000000,00000000,00000000,554C9AD9), ref: 0049E5DF
                                                                                                                                                                                • GetLastError.KERNEL32(?,004F721A,?,00000000,bab_tmp_web.html,00000000,00000000,00000000,554C9AD9), ref: 0049E5E9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$AttributesDeleteErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1736513994-0
                                                                                                                                                                                • Opcode ID: c92789c02eee6c880e195e83b484d1ee3f6e110011f4c04e5ce39a863ca8df47
                                                                                                                                                                                • Instruction ID: 6351115cbb09d7aa138f8d0f2ad5c1d28e13df6de63dbdbedb9bb6d0ae47607d
                                                                                                                                                                                • Opcode Fuzzy Hash: c92789c02eee6c880e195e83b484d1ee3f6e110011f4c04e5ce39a863ca8df47
                                                                                                                                                                                • Instruction Fuzzy Hash: 4AF0E930541214BBEF10DFB3C81D2BE7F68AE2231EF40C06AF80257301DA38DA04EA69
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00455218, Relevance: 4.5, APIs: 3, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00455218(WCHAR* _a4) {
				int _t2;
				long _t3;

				_t2 = RemoveDirectoryW(_a4); // executed
				if(_t2 != 0) {
					_t3 = 0;
				} else {
					_t3 = GetLastError();
				}
				if(_t3 == 0) {
					return 0;
				} else {
					return E0045449D(_t3) | 0xffffffff;
				}
			}





                                                                                                                                                                                0x00455220
                                                                                                                                                                                0x00455228
                                                                                                                                                                                0x00455232
                                                                                                                                                                                0x0045522a
                                                                                                                                                                                0x0045522a
                                                                                                                                                                                0x0045522a
                                                                                                                                                                                0x00455236
                                                                                                                                                                                0x00455247
                                                                                                                                                                                0x00455238
                                                                                                                                                                                0x00455243
                                                                                                                                                                                0x00455243

                                                                                                                                                                                APIs
                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(000000FF,?,0049E5A4,00000000,?,004D65B9,?,000000FF,000000FF,0000005C,000000FF,?,00000000,00000000,554C9AD9), ref: 00455220
                                                                                                                                                                                • GetLastError.KERNEL32(?,0049E5A4,00000000,?,004D65B9,?,000000FF,000000FF,0000005C,000000FF,?,00000000,00000000,554C9AD9), ref: 0045522A
                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00455239
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryErrorLastRemove__dosmaperr
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4061612599-0
                                                                                                                                                                                • Opcode ID: 4f121293ec929a833d3eeb2b2a184cae1bd3b805ed201971d6b715f4f866c10b
                                                                                                                                                                                • Instruction ID: 3663204bc7aed2f6ba477911cfe8aae5d527464cf46f9ba901a5bb3a8d9226d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f121293ec929a833d3eeb2b2a184cae1bd3b805ed201971d6b715f4f866c10b
                                                                                                                                                                                • Instruction Fuzzy Hash: 07D05E31244A05669B001BB6AC1C9373B9C9A8137AB1586A6FC2CC8192EF29C858AE95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F78F0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 138COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                			E004F78F0(intOrPtr __ebx, WCHAR* __ecx, intOrPtr __edi, intOrPtr __esi, WCHAR* _a4, intOrPtr _a8) {
				signed char _v8;
				char _v16;
				WCHAR* _v20;
				signed int _v24;
				char _v544;
				char _v576;
				char _v577;
				char _v612;
				char _v613;
				WCHAR* _v620;
				signed int _v624;
				signed int _t53;
				signed int _t54;
				intOrPtr _t63;
				signed int _t90;
				void* _t91;
				void* _t92;

				_t89 = __esi;
				_t88 = __edi;
				_t69 = __ebx;
				_push(0xffffffff);
				_push(0x5099f7);
				_push( *[fs:0x0]);
				_t92 = _t91 - 0x260;
				_t53 =  *0x561244; // 0x554c9ad9
				_t54 = _t53 ^ _t90;
				_v24 = _t54;
				_push(_t54);
				 *[fs:0x0] =  &_v16;
				_v620 = __ecx;
				_v20 = 0x80004005;
				_v624 = E004F7700(_v620, _a8);
				_t73 = _v624 - 1;
				_v624 = _v624 - 1;
				if(_v624 > 4) {
					L12:
					_t95 = _v20;
					if(_v20 != 0) {
						E00417910(_v620, E00434050( &_v613));
						_v8 = 1;
						E004181D0(_a4,  &_v612);
						_v8 = 0xffffffff;
						E004176E0();
					} else {
						_t87 = _a4;
						E00422290(_t69, _t73, _t88, _t89, _t95, _a4);
						E004130D0( &(_a4[2]), L"Babylon\\");
					}
					_t63 = E00416A30( &(_a4[2]));
					 *[fs:0x0] = _v16;
					return E0044F6C8(_t63, _t69, _v24 ^ _t90, _t87, _t88, _t89);
				}
				_t87 = _v624;
				switch( *((intOrPtr*)(_v624 * 4 +  &M004F7AF4))) {
					case 0:
						_t68 = E00495D00(__ebx, __edi, __esi, 0x23, _a4, 1, 1); // executed
						_t92 = _t92 + 0x10;
						_v20 = _t68;
						goto L12;
					case 1:
						__ecx = _a4;
						__eax = E00495D00(__ebx, __edi, __esi, 0x1a, _a4, 1, 1); // executed
						_v20 = __eax;
						goto L12;
					case 2:
						__edx = _a4;
						__eax = E00495D00(__ebx, __edi, __esi, 0x1c, _a4, 1, 1); // executed
						_v20 = __eax;
						__eflags = _v20;
						if(__eflags != 0) {
							goto L6;
						}
						goto L12;
					case 3:
						L10:
						__edx =  &_v544;
						__eax = GetTempPathW(0x104, __edx);
						__ecx = 0;
						__eflags = 0 - __eax;
						asm("sbb edx, edx");
						__edx = __edx & 0x7fffbffb;
						__edx =  &(__edx[0xffffffffc0002003]);
						__eflags = __edx;
						_v20 = __edx;
						if(__eflags == 0) {
							__ecx =  &_v577;
							E00434050( &_v577) =  &_v544;
							__ecx =  &_v576;
							__eax = E00417910( &_v544,  &_v544);
							_v8 = 0;
							__ecx =  &_v576;
							__ecx = _a4;
							__eax = E004181D0(_a4,  &_v576);
							_v8 = 0xffffffff;
							__ecx =  &_v576;
							__eax = E004176E0();
						}
						goto L12;
					case 4:
						L6:
						__eax = _a4;
						__ecx = _v620;
						_v20 = E004F77C0(__ebx, __ecx, __edi, __esi, __eflags, _a4);
						__eflags = _v20;
						if(_v20 < 0) {
							__ecx = _a4;
							_v20 = E00495D00(__ebx, __edi, __esi, 0x1c, _a4, 1, 1);
						}
						__eflags = _v20;
						if(__eflags != 0) {
							goto L10;
						} else {
							goto L12;
						}
				}
			}




















                                                                                                                                                                                0x004f78f0
                                                                                                                                                                                0x004f78f0
                                                                                                                                                                                0x004f78f0
                                                                                                                                                                                0x004f78f3
                                                                                                                                                                                0x004f78f5
                                                                                                                                                                                0x004f7900
                                                                                                                                                                                0x004f7901
                                                                                                                                                                                0x004f7907
                                                                                                                                                                                0x004f790c
                                                                                                                                                                                0x004f790e
                                                                                                                                                                                0x004f7911
                                                                                                                                                                                0x004f7915
                                                                                                                                                                                0x004f791b
                                                                                                                                                                                0x004f7921
                                                                                                                                                                                0x004f7937
                                                                                                                                                                                0x004f7943
                                                                                                                                                                                0x004f7946
                                                                                                                                                                                0x004f7953
                                                                                                                                                                                0x004f7a63
                                                                                                                                                                                0x004f7a63
                                                                                                                                                                                0x004f7a67
                                                                                                                                                                                0x004f7aa0
                                                                                                                                                                                0x004f7aa5
                                                                                                                                                                                0x004f7ab6
                                                                                                                                                                                0x004f7abb
                                                                                                                                                                                0x004f7ac8
                                                                                                                                                                                0x004f7a69
                                                                                                                                                                                0x004f7a69
                                                                                                                                                                                0x004f7a6d
                                                                                                                                                                                0x004f7a80
                                                                                                                                                                                0x004f7a80
                                                                                                                                                                                0x004f7ad3
                                                                                                                                                                                0x004f7adb
                                                                                                                                                                                0x004f7af0
                                                                                                                                                                                0x004f7af0
                                                                                                                                                                                0x004f7959
                                                                                                                                                                                0x004f795f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f7975
                                                                                                                                                                                0x004f797a
                                                                                                                                                                                0x004f797d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f7989
                                                                                                                                                                                0x004f798f
                                                                                                                                                                                0x004f7997
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f79a3
                                                                                                                                                                                0x004f79a9
                                                                                                                                                                                0x004f79b1
                                                                                                                                                                                0x004f79b4
                                                                                                                                                                                0x004f79b8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f79f4
                                                                                                                                                                                0x004f79f4
                                                                                                                                                                                0x004f7a00
                                                                                                                                                                                0x004f7a06
                                                                                                                                                                                0x004f7a08
                                                                                                                                                                                0x004f7a0a
                                                                                                                                                                                0x004f7a0c
                                                                                                                                                                                0x004f7a12
                                                                                                                                                                                0x004f7a12
                                                                                                                                                                                0x004f7a18
                                                                                                                                                                                0x004f7a1b
                                                                                                                                                                                0x004f7a1d
                                                                                                                                                                                0x004f7a29
                                                                                                                                                                                0x004f7a30
                                                                                                                                                                                0x004f7a36
                                                                                                                                                                                0x004f7a3b
                                                                                                                                                                                0x004f7a42
                                                                                                                                                                                0x004f7a49
                                                                                                                                                                                0x004f7a4c
                                                                                                                                                                                0x004f7a51
                                                                                                                                                                                0x004f7a58
                                                                                                                                                                                0x004f7a5e
                                                                                                                                                                                0x004f7a5e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f79bf
                                                                                                                                                                                0x004f79bf
                                                                                                                                                                                0x004f79c3
                                                                                                                                                                                0x004f79ce
                                                                                                                                                                                0x004f79d1
                                                                                                                                                                                0x004f79d5
                                                                                                                                                                                0x004f79db
                                                                                                                                                                                0x004f79e9
                                                                                                                                                                                0x004f79e9
                                                                                                                                                                                0x004f79ec
                                                                                                                                                                                0x004f79f0
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f79f2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f79f2
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000000,?,?,?,?,?,?,?,Babylon\), ref: 004F7A00
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PathTemp
                                                                                                                                                                                • String ID: Babylon\
                                                                                                                                                                                • API String ID: 2920410445-964554263
                                                                                                                                                                                • Opcode ID: a4f65adf3e46fd803311db8aed39d7afb608e0182216800d2fb60d870712ebf5
                                                                                                                                                                                • Instruction ID: 9b04c22fcb007ae7e9457040daaacfd2f73ff2dc511d6759e3a31cb4679aa1fb
                                                                                                                                                                                • Opcode Fuzzy Hash: a4f65adf3e46fd803311db8aed39d7afb608e0182216800d2fb60d870712ebf5
                                                                                                                                                                                • Instruction Fuzzy Hash: 40516CB190811CABDB14EF64DC85BFEB775EB04304F1046AEE6156A281DBB96B80CF94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004549D5, Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                			E004549D5(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t19;
				intOrPtr _t22;
				void* _t33;
				void* _t34;

				_t30 = __edi;
				_t29 = __edx;
				_push(0xc);
				_push(0x544300);
				E00456860(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
					L6:
					_t19 = 0;
				} else {
					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
						E0045D801( *((intOrPtr*)(_t33 + 0x18)));
						 *((intOrPtr*)(_t33 - 4)) = 0;
						_t22 = E004547CB(__edx,  *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
						E00454A61();
						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
					} else {
						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
							E00451D90(__edi,  *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
							_t34 = _t34 + 0xc;
						}
						 *((intOrPtr*)(E00454477(_t41))) = 0x16;
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E004557A5(_t29, _t30, 0);
						goto L6;
					}
				}
				return E004568A5(_t19);
			}







                                                                                                                                                                                0x004549d5
                                                                                                                                                                                0x004549d5
                                                                                                                                                                                0x004549d5
                                                                                                                                                                                0x004549d7
                                                                                                                                                                                0x004549dc
                                                                                                                                                                                0x004549e3
                                                                                                                                                                                0x004549e9
                                                                                                                                                                                0x00454a22
                                                                                                                                                                                0x00454a22
                                                                                                                                                                                0x004549f0
                                                                                                                                                                                0x004549f3
                                                                                                                                                                                0x00454a2d
                                                                                                                                                                                0x00454a33
                                                                                                                                                                                0x00454a45
                                                                                                                                                                                0x00454a4d
                                                                                                                                                                                0x00454a50
                                                                                                                                                                                0x00454a57
                                                                                                                                                                                0x00454a5c
                                                                                                                                                                                0x004549f5
                                                                                                                                                                                0x004549f5
                                                                                                                                                                                0x004549f9
                                                                                                                                                                                0x00454a02
                                                                                                                                                                                0x00454a07
                                                                                                                                                                                0x00454a07
                                                                                                                                                                                0x00454a0f
                                                                                                                                                                                0x00454a15
                                                                                                                                                                                0x00454a16
                                                                                                                                                                                0x00454a17
                                                                                                                                                                                0x00454a18
                                                                                                                                                                                0x00454a19
                                                                                                                                                                                0x00454a1a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00454a1f
                                                                                                                                                                                0x004549f3
                                                                                                                                                                                0x00454a29

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __lock_file_memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 26237723-0
                                                                                                                                                                                • Opcode ID: 37ef9b4903a69fa08c2e22f251cd5e38d13e6d41c0040cdc2554639083a2e4eb
                                                                                                                                                                                • Instruction ID: d7dfcb793dc1720f97a4c8db5cdb919cf0c013a247f2a2882a06d8a2a7a3e963
                                                                                                                                                                                • Opcode Fuzzy Hash: 37ef9b4903a69fa08c2e22f251cd5e38d13e6d41c0040cdc2554639083a2e4eb
                                                                                                                                                                                • Instruction Fuzzy Hash: 37018071C41209EBCF61AFA1D8028DE3B70BF5476AF00411AFC1459163D3398AAAEBD9
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00454569, Relevance: 3.0, APIs: 2, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                			E00454569(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t18;
				signed int _t20;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t36;

				_push(0xc);
				_push(0x544298);
				E00456860(__ebx, __edi, __esi);
				 *(_t32 - 0x1c) =  *(_t32 - 0x1c) | 0xffffffff;
				_t31 =  *((intOrPtr*)(_t32 + 8));
				_t36 = _t31;
				_t37 = _t36 != 0;
				if(_t36 != 0) {
					__eflags =  *(_t31 + 0xc) & 0x00000040;
					if(( *(_t31 + 0xc) & 0x00000040) == 0) {
						E0045D801(_t31);
						 *((intOrPtr*)(_t32 - 4)) = 0;
						_t18 = E004544F2(__edx, _t31); // executed
						 *(_t32 - 0x1c) = _t18;
						 *((intOrPtr*)(_t32 - 4)) = 0xfffffffe;
						E004545DD(_t31);
					} else {
						 *(_t31 + 0xc) = 0;
					}
					_t20 =  *(_t32 - 0x1c);
				} else {
					 *((intOrPtr*)(E00454477(_t37))) = 0x16;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_t20 = E004557A5(__edx, 0, _t31) | 0xffffffff;
				}
				return E004568A5(_t20);
			}








                                                                                                                                                                                0x00454569
                                                                                                                                                                                0x0045456b
                                                                                                                                                                                0x00454570
                                                                                                                                                                                0x00454575
                                                                                                                                                                                0x0045457b
                                                                                                                                                                                0x00454580
                                                                                                                                                                                0x00454585
                                                                                                                                                                                0x00454587
                                                                                                                                                                                0x004545a6
                                                                                                                                                                                0x004545aa
                                                                                                                                                                                0x004545b9
                                                                                                                                                                                0x004545bf
                                                                                                                                                                                0x004545c3
                                                                                                                                                                                0x004545c9
                                                                                                                                                                                0x004545cc
                                                                                                                                                                                0x004545d3
                                                                                                                                                                                0x004545ac
                                                                                                                                                                                0x004545ac
                                                                                                                                                                                0x004545ac
                                                                                                                                                                                0x004545af
                                                                                                                                                                                0x00454589
                                                                                                                                                                                0x0045458e
                                                                                                                                                                                0x00454594
                                                                                                                                                                                0x00454595
                                                                                                                                                                                0x00454596
                                                                                                                                                                                0x00454597
                                                                                                                                                                                0x00454598
                                                                                                                                                                                0x004545a1
                                                                                                                                                                                0x004545a1
                                                                                                                                                                                0x004545b7

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00454477: __getptd_noexit.LIBCMT ref: 00454477
                                                                                                                                                                                  • Part of subcall function 004557A5: __decode_pointer.LIBCMT ref: 004557B0
                                                                                                                                                                                • __lock_file.LIBCMT ref: 004545B9
                                                                                                                                                                                  • Part of subcall function 0045D801: __lock.LIBCMT ref: 0045D826
                                                                                                                                                                                • __fclose_nolock.LIBCMT ref: 004545C3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 717694121-0
                                                                                                                                                                                • Opcode ID: e8809228c1312b64c1facbe8e66023ba57e1e74e3ceb212012b6ea9c4ce00062
                                                                                                                                                                                • Instruction ID: e4cb9d1e5c9697cfff4e0b800dbd3b9f6b75d0fe3744077fef0c531a8bdeec8e
                                                                                                                                                                                • Opcode Fuzzy Hash: e8809228c1312b64c1facbe8e66023ba57e1e74e3ceb212012b6ea9c4ce00062
                                                                                                                                                                                • Instruction Fuzzy Hash: CCF0F470801608A7C720BB6A880165E7AA06F8133EF61820AED759B1C3DA3C458A8B1E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004EDD10, Relevance: 3.0, APIs: 2, Instructions: 25networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                			E004EDD10(void** __ecx) {
				void** _v8;
				void** _t13;

				_push(__ecx);
				_v8 = __ecx;
				if(_v8[1] != 0) {
					InternetCloseHandle(_v8[1]); // executed
				}
				if( *_v8 != 0) {
					InternetCloseHandle( *_v8);
				}
				_t13 = _v8;
				 *_t13 = 0;
				_v8[1] = 0;
				return _t13;
			}





                                                                                                                                                                                0x004edd13
                                                                                                                                                                                0x004edd14
                                                                                                                                                                                0x004edd1e
                                                                                                                                                                                0x004edd27
                                                                                                                                                                                0x004edd27
                                                                                                                                                                                0x004edd33
                                                                                                                                                                                0x004edd3b
                                                                                                                                                                                0x004edd3b
                                                                                                                                                                                0x004edd41
                                                                                                                                                                                0x004edd44
                                                                                                                                                                                0x004edd4d
                                                                                                                                                                                0x004edd57

                                                                                                                                                                                APIs
                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 004EDD27
                                                                                                                                                                                • InternetCloseHandle.WININET ref: 004EDD3B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandleInternet
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1081599783-0
                                                                                                                                                                                • Opcode ID: 5d7717c1b9295ea8faa2cc6d646949c8e008cc71e97655b22e0b5ad4ad0d7d83
                                                                                                                                                                                • Instruction ID: 954ac52303eef577f79202d418b083c80d2e3be7494a3a46e7203f2e1600ef05
                                                                                                                                                                                • Opcode Fuzzy Hash: 5d7717c1b9295ea8faa2cc6d646949c8e008cc71e97655b22e0b5ad4ad0d7d83
                                                                                                                                                                                • Instruction Fuzzy Hash: 9CF0AC74901208EFDB04CF94DA94F9EB7F5EB49305F2481D9E8055B3A0C776AE41EB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0049E610, Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                			E0049E610(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				int _v8;
				int _t10;

				_push(__ecx);
				_t10 = CreateDirectoryW(E00416A30(_a4 + 4), 0); // executed
				_v8 = _t10;
				if(_v8 == 0 && _a8 != 0) {
					 *_a8 = GetLastError();
				}
				return 0 | _v8 != 0x00000000;
			}





                                                                                                                                                                                0x0049e613
                                                                                                                                                                                0x0049e622
                                                                                                                                                                                0x0049e628
                                                                                                                                                                                0x0049e62f
                                                                                                                                                                                0x0049e640
                                                                                                                                                                                0x0049e640
                                                                                                                                                                                0x0049e64e

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,004D6543,?,00000000,00000000,00000000,554C9AD9), ref: 0049E622
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0049E637
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                                                • Opcode ID: 3b25b2bf652a9b564b26553f7980285f893cc1f46bad78e318f9c7318d09db0f
                                                                                                                                                                                • Instruction ID: 6ed70589b5ef52341549c58a9c58e01730df6f24d26f59066d9767976b0fcf79
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b25b2bf652a9b564b26553f7980285f893cc1f46bad78e318f9c7318d09db0f
                                                                                                                                                                                • Instruction Fuzzy Hash: 38E01A3050120CEFEF04DFA1C81D7AD7BA9EB18319F14C5AAE80657280E7799F94DE55
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00451F02, Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00451F02(void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t8;
				void* _t12;
				void* _t20;
				void* _t21;

				_t21 = __eflags;
				E00456860(_t12, __edi, __esi);
				_t8 = E00457400(_t12, __edx, __edi, _t21);
				 *(_t20 - 4) =  *(_t20 - 4) & 0x00000000;
				E00451EC5( *((intOrPtr*)(_t8 + 0x54))( *((intOrPtr*)(_t8 + 0x58)), 0x5441d8, 0xc)); // executed
				 *((intOrPtr*)(_t20 - 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14))))));
				return E0045B73E(_t12,  *(_t20 - 4),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14)))))),  *((intOrPtr*)(_t20 - 0x14)));
			}







                                                                                                                                                                                0x00451f02
                                                                                                                                                                                0x00451f09
                                                                                                                                                                                0x00451f0e
                                                                                                                                                                                0x00451f13
                                                                                                                                                                                0x00451f1e
                                                                                                                                                                                0x00451f2a
                                                                                                                                                                                0x00451f36

                                                                                                                                                                                APIs
                                                                                                                                                                                • __getptd.LIBCMT ref: 00451F0E
                                                                                                                                                                                  • Part of subcall function 00457400: __getptd_noexit.LIBCMT ref: 00457403
                                                                                                                                                                                  • Part of subcall function 00457400: __amsg_exit.LIBCMT ref: 00457410
                                                                                                                                                                                  • Part of subcall function 00451EC5: __IsNonwritableInCurrentImage.LIBCMT ref: 00451ED8
                                                                                                                                                                                  • Part of subcall function 00451EC5: __getptd_noexit.LIBCMT ref: 00451EE8
                                                                                                                                                                                  • Part of subcall function 00451EC5: __freeptd.LIBCMT ref: 00451EF2
                                                                                                                                                                                  • Part of subcall function 00451EC5: ExitThread.KERNEL32 ref: 00451EFB
                                                                                                                                                                                • __XcptFilter.LIBCMT ref: 00451F2F
                                                                                                                                                                                  • Part of subcall function 0045B73E: __getptd_noexit.LIBCMT ref: 0045B746
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 393088965-0
                                                                                                                                                                                • Opcode ID: 15d05b8fc0f517c78afa5a291257b6dc5f963ba68e1fd513f6f8a81547b156e7
                                                                                                                                                                                • Instruction ID: 2db33640291945a4916f261701f022404c50faab4637c64130de3f2df15c61e3
                                                                                                                                                                                • Opcode Fuzzy Hash: 15d05b8fc0f517c78afa5a291257b6dc5f963ba68e1fd513f6f8a81547b156e7
                                                                                                                                                                                • Instruction Fuzzy Hash: ABE08CB0900A009FD708BBA1C906F3D3B64EF4430AF21048EF8016B2B3CB38A844DE28
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0045799C, Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0045799C(int _a4) {

				E00457971(_a4);
				ExitProcess(_a4);
			}



                                                                                                                                                                                0x004579a4
                                                                                                                                                                                0x004579ad

                                                                                                                                                                                APIs
                                                                                                                                                                                • ___crtCorExitProcess.LIBCMT ref: 004579A4
                                                                                                                                                                                  • Part of subcall function 00457971: GetModuleHandleW.KERNEL32(mscoree.dll,?,004579A9,?,?,0044FC12,000000FF,0000001E,?,00457755,?,00000001,?,?,00457D86,00000018), ref: 0045797B
                                                                                                                                                                                  • Part of subcall function 00457971: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0045798B
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004579AD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2427264223-0
                                                                                                                                                                                • Opcode ID: 1af2791227fca424a2fddb2dc790eec8f133d391b39f7d2c30ad27ed7b057826
                                                                                                                                                                                • Instruction ID: 01e986f5e3393614e45b7cf44e6b393859f2d6e220982185113d1069ae569363
                                                                                                                                                                                • Opcode Fuzzy Hash: 1af2791227fca424a2fddb2dc790eec8f133d391b39f7d2c30ad27ed7b057826
                                                                                                                                                                                • Instruction Fuzzy Hash: B5B09B350141087BDB012F12DC0985D3F15DB813517104025F81509031DF719D96D595
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00417CF0, Relevance: 1.6, APIs: 1, Instructions: 99COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                			E00417CF0(void* __eflags, signed int _a4, char _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				char _v32;
				void* __ecx;
				signed int _t49;
				intOrPtr _t59;
				void* _t63;
				char _t72;
				signed int _t106;
				void* _t107;

				_push(0xffffffff);
				_push(0x514280);
				_push( *[fs:0x0]);
				_push(_t72);
				_t49 =  *0x561244; // 0x554c9ad9
				_push(_t49 ^ _t106);
				 *[fs:0x0] =  &_v16;
				_v20 = _t107 - 0xc;
				_v32 = _t72;
				_v28 = _a4 | 0x00000007;
				if(E00417AF0(_v32) >= _v28) {
					if(_v28 / 3 <  *(_v32 + 0x18) >> 1 &&  *(_v32 + 0x18) <= E00417AF0(_v32) - ( *(_v32 + 0x18) >> 1)) {
						_v28 = ( *(_v32 + 0x18) >> 1) +  *(_v32 + 0x18);
					}
				} else {
					_v28 = _a4;
				}
				_v24 = 0;
				_v8 = 0;
				_t59 = E00417CD0(_v32, _v28 + 1); // executed
				_v24 = _t59;
				_v8 = 0xffffffff;
				if(_a8 > 0) {
					E00418000(_v28 + 1, _v24, _v28 + 1, E00418030(_v32), _a8);
				}
				E00417E70(_v32, 1, 0);
				 *((intOrPtr*)(_v32 + 4)) = _v24;
				 *(_v32 + 0x18) = _v28;
				_t63 = E00418080(_v32, _a8);
				 *[fs:0x0] = _v16;
				return _t63;
			}
















                                                                                                                                                                                0x00417cf3
                                                                                                                                                                                0x00417cf5
                                                                                                                                                                                0x00417d00
                                                                                                                                                                                0x00417d01
                                                                                                                                                                                0x00417d08
                                                                                                                                                                                0x00417d0f
                                                                                                                                                                                0x00417d13
                                                                                                                                                                                0x00417d19
                                                                                                                                                                                0x00417d1c
                                                                                                                                                                                0x00417d25
                                                                                                                                                                                0x00417d33
                                                                                                                                                                                0x00417d53
                                                                                                                                                                                0x00417d7d
                                                                                                                                                                                0x00417d7d
                                                                                                                                                                                0x00417d35
                                                                                                                                                                                0x00417d38
                                                                                                                                                                                0x00417d38
                                                                                                                                                                                0x00417d80
                                                                                                                                                                                0x00417d87
                                                                                                                                                                                0x00417d98
                                                                                                                                                                                0x00417d9d
                                                                                                                                                                                0x00417df9
                                                                                                                                                                                0x00417e04
                                                                                                                                                                                0x00417e1e
                                                                                                                                                                                0x00417e23
                                                                                                                                                                                0x00417e2d
                                                                                                                                                                                0x00417e38
                                                                                                                                                                                0x00417e41
                                                                                                                                                                                0x00417e4b
                                                                                                                                                                                0x00417e53
                                                                                                                                                                                0x00417e61

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00417AF0: allocator.LIBCPMTD ref: 00417AFC
                                                                                                                                                                                • allocator.LIBCPMTD ref: 00417D98
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: 49a2f17e9de5e3deacfbff8912cce8294b908f3145b02ac1c15cb8764968bbeb
                                                                                                                                                                                • Instruction ID: 9f44215ad7b48d03794646ec72d63729a886d3fb837e5d513c72074537cc9730
                                                                                                                                                                                • Opcode Fuzzy Hash: 49a2f17e9de5e3deacfbff8912cce8294b908f3145b02ac1c15cb8764968bbeb
                                                                                                                                                                                • Instruction Fuzzy Hash: DB41CAB4E0420A9FCB08DF99D991ABFBBB5FF58314F10811EE515A7381D638A981CBD4
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041EDE0, Relevance: 1.6, APIs: 1, Instructions: 68registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                			E0041EDE0(void** __ecx, short* _a4, char* _a8, unsigned int* _a12) {
				int _v8;
				int _v12;
				long _v16;
				void** _v20;
				long _t35;

				_v20 = __ecx;
				do {
				} while (0 != 0 || 0 != 0);
				_v12 =  *_a12 << 1;
				 *_a12 = 0;
				_t35 = RegQueryValueExW( *_v20, _a4, 0,  &_v8, _a8,  &_v12); // executed
				_v16 = _t35;
				if(_v16 == 0) {
					if(_v8 == 1 || _v8 == 2) {
						if(_a8 == 0) {
							L15:
							 *_a12 = _v12 >> 1;
							return 0;
						}
						if(_v12 == 0) {
							 *_a8 = 0;
							goto L15;
						}
						if(_v12 % 2 != 0 || (_a8[(_v12 >> 1) * 2 - 2] & 0x0000ffff) != 0) {
							return 0xd;
						} else {
							goto L15;
						}
					} else {
						return 0xd;
					}
				}
				return _v16;
			}








                                                                                                                                                                                0x0041ede6
                                                                                                                                                                                0x0041ede9
                                                                                                                                                                                0x0041ede9
                                                                                                                                                                                0x0041edf8
                                                                                                                                                                                0x0041edfe
                                                                                                                                                                                0x0041ee1c
                                                                                                                                                                                0x0041ee22
                                                                                                                                                                                0x0041ee29
                                                                                                                                                                                0x0041ee34
                                                                                                                                                                                0x0041ee47
                                                                                                                                                                                0x0041ee81
                                                                                                                                                                                0x0041ee89
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041ee8b
                                                                                                                                                                                0x0041ee4d
                                                                                                                                                                                0x0041ee7e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041ee7e
                                                                                                                                                                                0x0041ee5d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041ee77
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041ee77
                                                                                                                                                                                0x0041ee3c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041ee3c
                                                                                                                                                                                0x0041ee34
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000020,00000001,00000000,00000020,?,00000001,0047F702,svcVersion,00000001,00000020,Software\Microsoft\Internet Explorer\,00000001,554C9AD9), ref: 0041EE1C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                • Opcode ID: eab2924b431d68ee9115c4182a009e1237d85a4e1ed2f57fa7b1bca71f828541
                                                                                                                                                                                • Instruction ID: be990d5a6d9182fce01ba0ffaa6c408bebd698dfed37db20f02eb68458331d30
                                                                                                                                                                                • Opcode Fuzzy Hash: eab2924b431d68ee9115c4182a009e1237d85a4e1ed2f57fa7b1bca71f828541
                                                                                                                                                                                • Instruction Fuzzy Hash: 2D214F78A00209EBDB18CF9AC444BEFB7B6EF98300F10855AEC1597390D7389A81CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00433AC0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                                                			E00433AC0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed char _a20) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				void* __ecx;
				signed int _t26;
				intOrPtr _t29;
				intOrPtr _t38;
				signed int _t52;
				void* _t53;

				_push(0xffffffff);
				_push(0x5160c1);
				_push( *[fs:0x0]);
				_push(_t38);
				_t26 =  *0x561244; // 0x554c9ad9
				_push(_t26 ^ _t52);
				 *[fs:0x0] =  &_v16;
				_v20 = _t53 - 0x14;
				_v36 = _t38;
				_t29 = E00433BF0(_v36 + 1, 1); // executed
				_v24 = _t29;
				_v8 = 0;
				_v32 = E004144B0(0x34, _v24);
				_v8 = 1;
				if(_v32 == 0) {
					_v40 = 0;
				} else {
					_v40 = E00434540(_a4, _a8, _a12, _a16, _a20 & 0x000000ff);
				}
				_v28 = _v40;
				_v8 = 0;
				_v8 = 0xffffffff;
				 *[fs:0x0] = _v16;
				return _v24;
			}

















                                                                                                                                                                                0x00433ac3
                                                                                                                                                                                0x00433ac5
                                                                                                                                                                                0x00433ad0
                                                                                                                                                                                0x00433ad1
                                                                                                                                                                                0x00433ad8
                                                                                                                                                                                0x00433adf
                                                                                                                                                                                0x00433ae3
                                                                                                                                                                                0x00433ae9
                                                                                                                                                                                0x00433aec
                                                                                                                                                                                0x00433af7
                                                                                                                                                                                0x00433afc
                                                                                                                                                                                0x00433aff
                                                                                                                                                                                0x00433b14
                                                                                                                                                                                0x00433b17
                                                                                                                                                                                0x00433b1f
                                                                                                                                                                                0x00433b43
                                                                                                                                                                                0x00433b21
                                                                                                                                                                                0x00433b3e
                                                                                                                                                                                0x00433b3e
                                                                                                                                                                                0x00433b4d
                                                                                                                                                                                0x00433b50
                                                                                                                                                                                0x00433b7d
                                                                                                                                                                                0x00433b8a
                                                                                                                                                                                0x00433b98

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: 83640e26c94aebb76eba98aae00a5ad1b0284f78fbe020472ed44b087b7fb3e9
                                                                                                                                                                                • Instruction ID: 4b0772133269115f449d225d50a6fdfeab6dc7638e8dbd230a6130781ab4af68
                                                                                                                                                                                • Opcode Fuzzy Hash: 83640e26c94aebb76eba98aae00a5ad1b0284f78fbe020472ed44b087b7fb3e9
                                                                                                                                                                                • Instruction Fuzzy Hash: 002138B1D04249EFDB04CF99D941BEEFBF8EB48714F20425AE915A7381D3796A00CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F8180, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                                                			E004F8180(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v52;
				char _v53;
				intOrPtr _v60;
				signed int _t19;
				signed int _t20;
				void* _t27;
				signed int _t45;

				_t44 = __esi;
				_t43 = __edi;
				_t31 = __ebx;
				_push(0xffffffff);
				_push(0x50ddb4);
				_push( *[fs:0x0]);
				_t19 =  *0x561244; // 0x554c9ad9
				_t20 = _t19 ^ _t45;
				_v20 = _t20;
				_push(_t20);
				 *[fs:0x0] =  &_v16;
				_v60 = __ecx;
				_t49 = _a4;
				if(_a4 != 0) {
					E004175C0(E00434050( &_v53));
					_v8 = 0;
					_t42 =  &_v52;
					_t27 = E004F80E0(__ebx, _v60, __edi, __esi, _t49,  &_v52, _a8, _a12); // executed
					E0045184A(_a4, _t27);
					_v8 = 0xffffffff;
					E004176E0();
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_a4, _t31, _v20 ^ _t45, _t42, _t43, _t44);
			}













                                                                                                                                                                                0x004f8180
                                                                                                                                                                                0x004f8180
                                                                                                                                                                                0x004f8180
                                                                                                                                                                                0x004f8183
                                                                                                                                                                                0x004f8185
                                                                                                                                                                                0x004f8190
                                                                                                                                                                                0x004f8194
                                                                                                                                                                                0x004f8199
                                                                                                                                                                                0x004f819b
                                                                                                                                                                                0x004f819e
                                                                                                                                                                                0x004f81a2
                                                                                                                                                                                0x004f81a8
                                                                                                                                                                                0x004f81ab
                                                                                                                                                                                0x004f81af
                                                                                                                                                                                0x004f81bd
                                                                                                                                                                                0x004f81c2
                                                                                                                                                                                0x004f81d1
                                                                                                                                                                                0x004f81d8
                                                                                                                                                                                0x004f81e2
                                                                                                                                                                                0x004f81ea
                                                                                                                                                                                0x004f81f4
                                                                                                                                                                                0x004f81f4
                                                                                                                                                                                0x004f81ff
                                                                                                                                                                                0x004f8214

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3048848545-0
                                                                                                                                                                                • Opcode ID: 57a0d0681e8b51e02ed76213244499fbbf17c7ea2922411a5478853163c1205f
                                                                                                                                                                                • Instruction ID: 9f85bb52fc9fbc8ed2681f036a1197e0334804cff0233300be372910fdc1c147
                                                                                                                                                                                • Opcode Fuzzy Hash: 57a0d0681e8b51e02ed76213244499fbbf17c7ea2922411a5478853163c1205f
                                                                                                                                                                                • Instruction Fuzzy Hash: B3112E71904108AFCB04DF95D841FEEB7B8FF08714F00462EF81597291EB346944CB54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00422580, Relevance: 1.5, APIs: 1, Instructions: 45registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00422580(intOrPtr* __ecx, void* _a4, short* _a8, short* _a12, int _a16, int _a20, struct _SECURITY_ATTRIBUTES* _a24, intOrPtr* _a28) {
				void* _v8;
				long _v12;
				int _v16;
				intOrPtr* _v20;
				long _t27;

				_v20 = __ecx;
				_v8 = 0;
				_t27 = RegCreateKeyExW(_a4, _a8, 0, _a12, _a16, _a20, _a24,  &_v8,  &_v16); // executed
				_v12 = _t27;
				if(_a28 != 0) {
					 *_a28 = _v16;
				}
				if(_v12 == 0) {
					_v12 = E0041EF10(_v20);
					 *_v20 = _v8;
					 *(_v20 + 4) = _a20 & 0x00000300;
				}
				return _v12;
			}








                                                                                                                                                                                0x00422586
                                                                                                                                                                                0x00422589
                                                                                                                                                                                0x004225b2
                                                                                                                                                                                0x004225b8
                                                                                                                                                                                0x004225bf
                                                                                                                                                                                0x004225c7
                                                                                                                                                                                0x004225c7
                                                                                                                                                                                0x004225cd
                                                                                                                                                                                0x004225d7
                                                                                                                                                                                0x004225e0
                                                                                                                                                                                0x004225ed
                                                                                                                                                                                0x004225ed
                                                                                                                                                                                0x004225f6

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegCreateKeyExW.KERNEL32(?,?,00000000,?,?,00000000,?,00000000,?), ref: 004225B2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                • Opcode ID: da7658d9d66157049bda50bbad2381ad61c0328b49598051536313ee3ed6bc67
                                                                                                                                                                                • Instruction ID: f1e750a2e26c41efd03ff71885b0f68c48a1e76b5339024fafdb6696c1735a02
                                                                                                                                                                                • Opcode Fuzzy Hash: da7658d9d66157049bda50bbad2381ad61c0328b49598051536313ee3ed6bc67
                                                                                                                                                                                • Instruction Fuzzy Hash: 1B11D0B5A00209EFCB04CF98D994AEFBBB8FB48300F108559E915A7340D734AA51CB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00424630, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                			E00424630(intOrPtr __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				int _t10;

				_push(__ecx);
				_v8 = __ecx;
				if((E00404630(__ecx, _a4) & 0x000000ff) != 0) {
					_t10 = IsValidCodePage(E00423990(_v8, _a4)); // executed
					if(_t10 != 0) {
						if(E004244C0(E00423900(_v8, _a4) & 0x000000ff) != 0) {
							return 1;
						}
						return 0;
					}
					return 0;
				}
				return 0;
			}





                                                                                                                                                                                0x00424633
                                                                                                                                                                                0x00424634
                                                                                                                                                                                0x00424648
                                                                                                                                                                                0x0042465b
                                                                                                                                                                                0x00424663
                                                                                                                                                                                0x00424683
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424689
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424685
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424665
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000,?,?), ref: 0042465B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CodePageValid
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1911128615-0
                                                                                                                                                                                • Opcode ID: c9f08de8c4f879767d6e2a12e85733756157903cfeeece9dab4b5c17de24084a
                                                                                                                                                                                • Instruction ID: acd3b80e2f9a2ac0ace554b376bf7bf21ec0217d72e302f345e402b3ba2f3122
                                                                                                                                                                                • Opcode Fuzzy Hash: c9f08de8c4f879767d6e2a12e85733756157903cfeeece9dab4b5c17de24084a
                                                                                                                                                                                • Instruction Fuzzy Hash: 0EF09CF4700124778E04DF51F8459BB339C9E92309750415AF80687201D53DDA1966A9
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041EEA0, Relevance: 1.5, APIs: 1, Instructions: 36registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                			E0041EEA0(intOrPtr* __ecx, void* _a4, short* _a8, int _a12) {
				void* _v8;
				long _v12;
				intOrPtr* _v16;
				long _t19;

				_v16 = __ecx;
				do {
				} while (0 != 0 || 0 != 0);
				_v8 = 0;
				_t19 = RegOpenKeyExW(_a4, _a8, 0, _a12,  &_v8); // executed
				_v12 = _t19;
				if(_v12 == 0) {
					_v12 = E0041EF10(_v16);
					 *_v16 = _v8;
					 *(_v16 + 4) = _a12 & 0x00000300;
				}
				return _v12;
			}







                                                                                                                                                                                0x0041eea6
                                                                                                                                                                                0x0041eea9
                                                                                                                                                                                0x0041eea9
                                                                                                                                                                                0x0041eeb1
                                                                                                                                                                                0x0041eeca
                                                                                                                                                                                0x0041eed0
                                                                                                                                                                                0x0041eed7
                                                                                                                                                                                0x0041eee1
                                                                                                                                                                                0x0041eeea
                                                                                                                                                                                0x0041eef8
                                                                                                                                                                                0x0041eef8
                                                                                                                                                                                0x0041ef01

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(00000001,?,00000000,00000000,00000000,Software\Microsoft\Internet Explorer\,00000001), ref: 0041EECA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                • Opcode ID: 7933fb232ceb25f8994056af9fbb8c987e53069f7ad553ecf10823e6c5af83cf
                                                                                                                                                                                • Instruction ID: e72a7226712429adf47ea8eac5b50b7f1d65c1406d4f5b2af12a8abfb9092063
                                                                                                                                                                                • Opcode Fuzzy Hash: 7933fb232ceb25f8994056af9fbb8c987e53069f7ad553ecf10823e6c5af83cf
                                                                                                                                                                                • Instruction Fuzzy Hash: EC01B679A00208EFCB04DF95D885AEEBBB5EB88300F10C5AAE8159B340D7349A50DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00429BB0, Relevance: 1.5, APIs: 1, Instructions: 35registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                			E00429BB0(void** __ecx, short* _a4, char* _a8) {
				int _v8;
				int _v12;
				long _v16;
				void** _v20;
				long _t15;

				_v20 = __ecx;
				do {
				} while (0 != 0 || 0 != 0);
				_v12 = 4;
				_t15 = RegQueryValueExW( *_v20, _a4, 0,  &_v8, _a8,  &_v12); // executed
				_v16 = _t15;
				if(_v16 == 0) {
					if(_v8 == 4) {
						return 0;
					}
					return 0xd;
				}
				return _v16;
			}








                                                                                                                                                                                0x00429bb6
                                                                                                                                                                                0x00429bb9
                                                                                                                                                                                0x00429bb9
                                                                                                                                                                                0x00429bc1
                                                                                                                                                                                0x00429be0
                                                                                                                                                                                0x00429be6
                                                                                                                                                                                0x00429bed
                                                                                                                                                                                0x00429bf8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00429c01
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00429bfa
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(554C9AD9,00000004,00000000,554C9AD9,?,00000004,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System), ref: 00429BE0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                • Opcode ID: 1a4580bf5f4484c55dbb0b26d34549cd485e0b3af099ee7def2407f50086bd3c
                                                                                                                                                                                • Instruction ID: f7dae3d87c89e33c9cd46dbbadd7aec66fcca4881972f95749d9c857ab391f74
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a4580bf5f4484c55dbb0b26d34549cd485e0b3af099ee7def2407f50086bd3c
                                                                                                                                                                                • Instruction Fuzzy Hash: 35F04971A00218EBDB04DF99E848BAFB7B4BB48304F40859AE91197390E378AE04CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00433D20, Relevance: 1.5, APIs: 1, Instructions: 27COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00433D20(signed int _a4) {
				char _v16;
				void* __ebp;
				signed int _t12;
				void* _t15;
				void* _t19;
				void* _t25;

				if(_a4 > 0) {
					__eflags = (_t12 | 0xffffffff) / _a4 - 0x34;
					if(__eflags < 0) {
						E00417B30(0);
						E00456A4C( &_v16, 0x544b88);
					}
				} else {
					_a4 = 0;
				}
				_t15 = E0044F76F(_t19, _t25, _a4 * 0x34, _a4 * 0x34); // executed
				return _t15;
			}









                                                                                                                                                                                0x00433d2a
                                                                                                                                                                                0x00433d3d
                                                                                                                                                                                0x00433d40
                                                                                                                                                                                0x00433d47
                                                                                                                                                                                0x00433d55
                                                                                                                                                                                0x00433d55
                                                                                                                                                                                0x00433d2c
                                                                                                                                                                                0x00433d2c
                                                                                                                                                                                0x00433d2c
                                                                                                                                                                                0x00433d61
                                                                                                                                                                                0x00433d6c

                                                                                                                                                                                APIs
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00433D55
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Exception@8Throw
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2005118841-0
                                                                                                                                                                                • Opcode ID: f9326e7b8210b06369c1944a9a5841989f220bb51d6bb889c83042d073ef6ed8
                                                                                                                                                                                • Instruction ID: e43e9bdc0413b454325974aea46165c8a24d2e5647b2e6daf7de51821789c90a
                                                                                                                                                                                • Opcode Fuzzy Hash: f9326e7b8210b06369c1944a9a5841989f220bb51d6bb889c83042d073ef6ed8
                                                                                                                                                                                • Instruction Fuzzy Hash: 2FE02B7090010866EF04EF60C84279D3B29AB10369F00863BFC0B5A0C1DB38EB8986CD
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041EF10, Relevance: 1.5, APIs: 1, Instructions: 21registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0041EF10(void** __ecx) {
				void* _v8;
				void** _v12;
				long _t12;

				_v12 = __ecx;
				_v8 = 0;
				if( *_v12 != 0) {
					_t12 = RegCloseKey( *_v12); // executed
					_v8 = _t12;
					 *_v12 = 0;
				}
				_v12[1] = 0;
				return _v8;
			}






                                                                                                                                                                                0x0041ef16
                                                                                                                                                                                0x0041ef19
                                                                                                                                                                                0x0041ef26
                                                                                                                                                                                0x0041ef2e
                                                                                                                                                                                0x0041ef34
                                                                                                                                                                                0x0041ef3a
                                                                                                                                                                                0x0041ef3a
                                                                                                                                                                                0x0041ef43
                                                                                                                                                                                0x0041ef50

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                • Opcode ID: 91ea06a02c1e2abaa4150cc088f806866b2a54e11f8803adc4cfb31c19173421
                                                                                                                                                                                • Instruction ID: 820672166823583b4fef396b48c4dbdbd765742b514186620d846768b76c89e1
                                                                                                                                                                                • Opcode Fuzzy Hash: 91ea06a02c1e2abaa4150cc088f806866b2a54e11f8803adc4cfb31c19173421
                                                                                                                                                                                • Instruction Fuzzy Hash: ADF0E578900308EFDB00CF98D594B9EBFB4EB49304F1080D9E804AB390C776AE85DB90
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00443050, Relevance: 1.5, APIs: 1, Instructions: 17comCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoCreateInstance.OLE32(000000FF,00000000,000000FF,0053D3B4,554C9AD9,?,?,00490443,0051BAFC,00000000,00000017,00000000,00000000,000000FF,00000000,000000FF), ref: 0044306C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 542301482-0
                                                                                                                                                                                • Opcode ID: e2591718d38672465c40d119d12b6cfdae1246e638e281d2108abddb0f8c5d8b
                                                                                                                                                                                • Instruction ID: d7e829fc0369689cf003dd1b57fd33423f6668e70923e4d6f68ba6fba734b568
                                                                                                                                                                                • Opcode Fuzzy Hash: e2591718d38672465c40d119d12b6cfdae1246e638e281d2108abddb0f8c5d8b
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AD067B660420CBB8B04CFD9EC45CAEB7BCEB5C750B108549B90887300D631AE109BA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00422F50, Relevance: 1.5, APIs: 1, Instructions: 17registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegDeleteValueW.KERNEL32(00000000,?), ref: 00422F69
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1108222502-0
                                                                                                                                                                                • Opcode ID: 623dbd52a23a3001517e907731fa794683d2616bae9e7e4ea07a56ac7a586e52
                                                                                                                                                                                • Instruction ID: 466e9685c4020b865daf75248f732fbf60c7d645a2e0b63f6194d1e79d89bd0b
                                                                                                                                                                                • Opcode Fuzzy Hash: 623dbd52a23a3001517e907731fa794683d2616bae9e7e4ea07a56ac7a586e52
                                                                                                                                                                                • Instruction Fuzzy Hash: E7D0A77170420DBB8B28CF95EA44CABB7B8EB5D340740816EF80DC7310E631AD20E69C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0044FAA9, Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E0044FAA9(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t9;
				void* _t18;

				_push(0xc);
				_push(0x544118);
				E00456860(__ebx, __edi, __esi);
				E004579B4();
				 *(_t18 - 4) =  *(_t18 - 4) & 0x00000000;
				_t9 = E0044F9BE(__edx,  *((intOrPtr*)(_t18 + 8))); // executed
				 *((intOrPtr*)(_t18 - 0x1c)) = _t9;
				 *(_t18 - 4) = 0xfffffffe;
				E0044FADF();
				return E004568A5( *((intOrPtr*)(_t18 - 0x1c)));
			}





                                                                                                                                                                                0x0044faa9
                                                                                                                                                                                0x0044faab
                                                                                                                                                                                0x0044fab0
                                                                                                                                                                                0x0044fab5
                                                                                                                                                                                0x0044faba
                                                                                                                                                                                0x0044fac1
                                                                                                                                                                                0x0044fac7
                                                                                                                                                                                0x0044faca
                                                                                                                                                                                0x0044fad1
                                                                                                                                                                                0x0044fade

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004579B4: __lock.LIBCMT ref: 004579B6
                                                                                                                                                                                • __onexit_nolock.LIBCMT ref: 0044FAC1
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __decode_pointer.LIBCMT ref: 0044F9CD
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __decode_pointer.LIBCMT ref: 0044F9DD
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __msize.LIBCMT ref: 0044F9FB
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __realloc_crt.LIBCMT ref: 0044FA1F
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __realloc_crt.LIBCMT ref: 0044FA35
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __encode_pointer.LIBCMT ref: 0044FA47
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __encode_pointer.LIBCMT ref: 0044FA55
                                                                                                                                                                                  • Part of subcall function 0044F9BE: __encode_pointer.LIBCMT ref: 0044FA60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __encode_pointer$__decode_pointer__realloc_crt$__lock__msize__onexit_nolock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1316407801-0
                                                                                                                                                                                • Opcode ID: 03bfc8f837780bf28ef7ca825567f3edbeaad42c8c69f643a1cb87bab58b4b47
                                                                                                                                                                                • Instruction ID: 0060cbbf07bae28ecfac1589c5c3401a5b99e779319e2f9ba1ee8d50a06e8e19
                                                                                                                                                                                • Opcode Fuzzy Hash: 03bfc8f837780bf28ef7ca825567f3edbeaad42c8c69f643a1cb87bab58b4b47
                                                                                                                                                                                • Instruction Fuzzy Hash: D3D05B71C41209E6EF00BBA6D90275D76717F00319F50416EB414671D3C77C09499A59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00454D7B, Relevance: 1.5, APIs: 1, Instructions: 12COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                			E00454D7B(intOrPtr _a4, intOrPtr _a8) {
				signed int _t3;
				void* _t7;
				void* _t8;

				_t3 = E00454CF2(_t7, _t8, _a4, _a8); // executed
				asm("sbb eax, eax");
				return  ~_t3;
			}






                                                                                                                                                                                0x00454d86
                                                                                                                                                                                0x00454d8f
                                                                                                                                                                                0x00454d92

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __waccess_s
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4272103461-0
                                                                                                                                                                                • Opcode ID: 121c4f77d4c72d3789264fc0d0d617dc9724d87233f222cead199be475d85574
                                                                                                                                                                                • Instruction ID: c01e5d1af73e778fe685e865bf1456fca0106d4cf4c4f886beebd409df1a495b
                                                                                                                                                                                • Opcode Fuzzy Hash: 121c4f77d4c72d3789264fc0d0d617dc9724d87233f222cead199be475d85574
                                                                                                                                                                                • Instruction Fuzzy Hash: BBC02B3300400C3F4F091DEAEC00C043F09C6C0334710C116FD0D8C091CD33D4508140
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004BF540, Relevance: 1.5, APIs: 1, Instructions: 5COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004BF540() {
				void* _t1;

				_t1 = E004AD770(); // executed
				return _t1;
			}




                                                                                                                                                                                0x004bf543
                                                                                                                                                                                0x004bf549

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3616842037-0
                                                                                                                                                                                • Opcode ID: 5dbd62528cc33c2737e932bb5ae544e02b3404c8f173e11231d85b841e937ac0
                                                                                                                                                                                • Instruction ID: bec5800c557f340bf7698a95b029d2fbb24a3ee7f25a093016f180e1ef5b7da0
                                                                                                                                                                                • Opcode Fuzzy Hash: 5dbd62528cc33c2737e932bb5ae544e02b3404c8f173e11231d85b841e937ac0
                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004BF560, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004BF560() {
				void* _t1;
				void* _t2;
				void* _t3;
				void* _t4;

				_t1 = E004C0DC0(_t2, _t3, _t4); // executed
				return _t1;
			}







                                                                                                                                                                                0x004bf563
                                                                                                                                                                                0x004bf569

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3616842037-0
                                                                                                                                                                                • Opcode ID: 36217ca55ba7067f56672730f101b919342073117d73d6d31b8693e56017cb5f
                                                                                                                                                                                • Instruction ID: cf1a588253af38d5c78ed486e3d1a561b58262cfe137cd86dc82a65ec62bf7f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 36217ca55ba7067f56672730f101b919342073117d73d6d31b8693e56017cb5f
                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00501CE0, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00501CE0() {
				void* _t1;

				_t1 = E0041C3A0(); // executed
				return _t1;
			}




                                                                                                                                                                                0x00501ce3
                                                                                                                                                                                0x00501ce9

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3616842037-0
                                                                                                                                                                                • Opcode ID: 9c390c8b228b117941798a9353a1551da3fb7115f03c5a0abe938777e2469494
                                                                                                                                                                                • Instruction ID: 6dac575237f18692247e38d0b2baf8532e2833ff646b7f3847b638fe8afd50dd
                                                                                                                                                                                • Opcode Fuzzy Hash: 9c390c8b228b117941798a9353a1551da3fb7115f03c5a0abe938777e2469494
                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0045716E, Relevance: 1.5, APIs: 1, Instructions: 4COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0045716E() {
				void* _t1;

				_t1 = E004570FC(0); // executed
				return _t1;
			}




                                                                                                                                                                                0x00457170
                                                                                                                                                                                0x00457176

                                                                                                                                                                                APIs
                                                                                                                                                                                • __encode_pointer.LIBCMT ref: 00457170
                                                                                                                                                                                  • Part of subcall function 004570FC: TlsGetValue.KERNEL32(00000000,?,00457175,00000000,0046568D,005BCE20,00000000,00000314,?,00458A62,005BCE20,Microsoft Visual C++ Runtime Library,00012010), ref: 0045710E
                                                                                                                                                                                  • Part of subcall function 004570FC: TlsGetValue.KERNEL32(00000005,?,00457175,00000000,0046568D,005BCE20,00000000,00000314,?,00458A62,005BCE20,Microsoft Visual C++ Runtime Library,00012010), ref: 00457125
                                                                                                                                                                                  • Part of subcall function 004570FC: RtlEncodePointer.NTDLL(00000000,?,00457175,00000000,0046568D,005BCE20,00000000,00000314,?,00458A62,005BCE20,Microsoft Visual C++ Runtime Library,00012010), ref: 00457163
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value$EncodePointer__encode_pointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2585649348-0
                                                                                                                                                                                • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                                                • Instruction ID: 4cff56d5ea146b4bd30a3f784e89dbd8dce4e4a2a3783387e5a5808369999fb2
                                                                                                                                                                                • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004EDEB0, Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoUninitialize.OLE32(?,0041A0C8), ref: 004EDEB3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Uninitialize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3861434553-0
                                                                                                                                                                                • Opcode ID: a5de02cbd1b11b3a82bc3a5a1e72936b420f8548ddea6dfcec47597dc26e73e4
                                                                                                                                                                                • Instruction ID: 2a972c4fab728814f709459dfd4ff36875e05d45aa0f4f1982a65f74532dffed
                                                                                                                                                                                • Opcode Fuzzy Hash: a5de02cbd1b11b3a82bc3a5a1e72936b420f8548ddea6dfcec47597dc26e73e4
                                                                                                                                                                                • Instruction Fuzzy Hash: B490223000020C8B0200238038080E0330C88200323800000E00C000208B0020000080
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 0044F1DA, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 68memorylibraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0044F1DA() {
				int _t3;
				void* _t5;
				long _t7;
				long _t12;
				long _t17;
				struct HINSTANCE__* _t23;
				void* _t25;
				LONG* _t29;

				_t3 = IsProcessorFeaturePresent(0xc);
				if(_t3 != 0) {
					_t23 = LoadLibraryA("kernel32.dll");
					__eflags = _t23;
					if(_t23 != 0) {
						 *0x5bc844 = GetProcAddress(_t23, "InterlockedPushEntrySList");
						 *0x5bc848 = GetProcAddress(_t23, "InterlockedPopEntrySList");
					}
					__eflags =  *0x5bc844; // 0x0
					if(__eflags == 0) {
						L12:
						_t5 = 0;
						__eflags = 0;
					} else {
						__eflags =  *0x5bc848; // 0x0
						if(__eflags == 0) {
							goto L12;
						} else {
							_t29 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x34;
							_t7 =  *_t29;
							__eflags = _t7;
							if(_t7 != 0) {
								L11:
								 *0x5bc840 = _t7;
								_t5 = 1;
							} else {
								_t25 = HeapAlloc(GetProcessHeap(), 0, 8);
								__eflags = _t25;
								if(_t25 == 0) {
									goto L12;
								} else {
									 *_t25 = 0;
									 *((intOrPtr*)(_t25 + 4)) = 0;
									_t12 = InterlockedCompareExchange(_t29, _t25, 0);
									__eflags = _t12;
									if(_t12 != 0) {
										HeapFree(GetProcessHeap(), 0, _t25);
									}
									_t7 =  *_t29;
									goto L11;
								}
							}
						}
					}
					return _t5;
				} else {
					_t17 = _t3 + 1;
					 *0x5bc840 = _t17;
					return _t17;
				}
			}











                                                                                                                                                                                0x0044f1dc
                                                                                                                                                                                0x0044f1e4
                                                                                                                                                                                0x0044f1fb
                                                                                                                                                                                0x0044f1ff
                                                                                                                                                                                0x0044f201
                                                                                                                                                                                0x0044f217
                                                                                                                                                                                0x0044f21e
                                                                                                                                                                                0x0044f21e
                                                                                                                                                                                0x0044f223
                                                                                                                                                                                0x0044f229
                                                                                                                                                                                0x0044f289
                                                                                                                                                                                0x0044f289
                                                                                                                                                                                0x0044f289
                                                                                                                                                                                0x0044f22b
                                                                                                                                                                                0x0044f22b
                                                                                                                                                                                0x0044f231
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f233
                                                                                                                                                                                0x0044f23c
                                                                                                                                                                                0x0044f23f
                                                                                                                                                                                0x0044f241
                                                                                                                                                                                0x0044f243
                                                                                                                                                                                0x0044f27f
                                                                                                                                                                                0x0044f27f
                                                                                                                                                                                0x0044f286
                                                                                                                                                                                0x0044f245
                                                                                                                                                                                0x0044f257
                                                                                                                                                                                0x0044f25b
                                                                                                                                                                                0x0044f25d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f25f
                                                                                                                                                                                0x0044f262
                                                                                                                                                                                0x0044f264
                                                                                                                                                                                0x0044f267
                                                                                                                                                                                0x0044f26d
                                                                                                                                                                                0x0044f26f
                                                                                                                                                                                0x0044f277
                                                                                                                                                                                0x0044f277
                                                                                                                                                                                0x0044f27d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f27d
                                                                                                                                                                                0x0044f25d
                                                                                                                                                                                0x0044f243
                                                                                                                                                                                0x0044f231
                                                                                                                                                                                0x0044f28e
                                                                                                                                                                                0x0044f1e6
                                                                                                                                                                                0x0044f1e6
                                                                                                                                                                                0x0044f1e7
                                                                                                                                                                                0x0044f1ec
                                                                                                                                                                                0x0044f1ec

                                                                                                                                                                                APIs
                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000C,0044F2B0,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F1DC
                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F1F5
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 0044F20F
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 0044F21C
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000008,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F24E
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F251
                                                                                                                                                                                • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0044F267
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F274
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F277
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                                                                                                                                • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                                                                                                                                • API String ID: 3830925854-2586642590
                                                                                                                                                                                • Opcode ID: 7a83753e704f731a755ff519826a143a61fd290225ef870a82e095b13b2b41f9
                                                                                                                                                                                • Instruction ID: 14295b3ad7532e1049eeb092a543909dfedfbe3ce8ac3f2238d5ae29e678ce0a
                                                                                                                                                                                • Opcode Fuzzy Hash: 7a83753e704f731a755ff519826a143a61fd290225ef870a82e095b13b2b41f9
                                                                                                                                                                                • Instruction Fuzzy Hash: 27118275A40251AFFB609FB8AC88D573BE8FB68741B05467AF509C3210D7749C48DA64
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0044F6C8, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E0044F6C8(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x561244; // 0x554c9ad9
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x5bca50 = _t6;
				 *0x5bca4c = _t22;
				 *0x5bca48 = _t25;
				 *0x5bca44 = _t21;
				 *0x5bca40 = _t27;
				 *0x5bca3c = _t26;
				 *0x5bca68 = ss;
				 *0x5bca5c = cs;
				 *0x5bca38 = ds;
				 *0x5bca34 = es;
				 *0x5bca30 = fs;
				 *0x5bca2c = gs;
				asm("pushfd");
				_pop( *0x5bca60);
				 *0x5bca54 =  *_t31;
				 *0x5bca58 = _v0;
				 *0x5bca64 =  &_a4;
				 *0x5bc9a0 = 0x10001;
				_t11 =  *0x5bca58; // 0x0
				 *0x5bc954 = _t11;
				 *0x5bc948 = 0xc0000409;
				 *0x5bc94c = 1;
				_t12 =  *0x561244; // 0x554c9ad9
				_v812 = _t12;
				_t13 =  *0x561248; // 0xaab36526
				_v808 = _t13;
				 *0x5bc998 = IsDebuggerPresent();
				_push(1);
				E00462ED7(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x51bce0);
				if( *0x5bc998 == 0) {
					_push(1);
					E00462ED7(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                                                                                0x0044f6c8
                                                                                                                                                                                0x0044f6c8
                                                                                                                                                                                0x0044f6c8
                                                                                                                                                                                0x0044f6c8
                                                                                                                                                                                0x0044f6c8
                                                                                                                                                                                0x0044f6c8
                                                                                                                                                                                0x0044f6c8
                                                                                                                                                                                0x0044f6ce
                                                                                                                                                                                0x0044f6d0
                                                                                                                                                                                0x0044f6d0
                                                                                                                                                                                0x00456ef2
                                                                                                                                                                                0x00456ef7
                                                                                                                                                                                0x00456efd
                                                                                                                                                                                0x00456f03
                                                                                                                                                                                0x00456f09
                                                                                                                                                                                0x00456f0f
                                                                                                                                                                                0x00456f15
                                                                                                                                                                                0x00456f1c
                                                                                                                                                                                0x00456f23
                                                                                                                                                                                0x00456f2a
                                                                                                                                                                                0x00456f31
                                                                                                                                                                                0x00456f38
                                                                                                                                                                                0x00456f3f
                                                                                                                                                                                0x00456f40
                                                                                                                                                                                0x00456f49
                                                                                                                                                                                0x00456f51
                                                                                                                                                                                0x00456f59
                                                                                                                                                                                0x00456f64
                                                                                                                                                                                0x00456f6e
                                                                                                                                                                                0x00456f73
                                                                                                                                                                                0x00456f78
                                                                                                                                                                                0x00456f82
                                                                                                                                                                                0x00456f8c
                                                                                                                                                                                0x00456f91
                                                                                                                                                                                0x00456f97
                                                                                                                                                                                0x00456f9c
                                                                                                                                                                                0x00456fa8
                                                                                                                                                                                0x00456fad
                                                                                                                                                                                0x00456faf
                                                                                                                                                                                0x00456fb7
                                                                                                                                                                                0x00456fc2
                                                                                                                                                                                0x00456fcf
                                                                                                                                                                                0x00456fd1
                                                                                                                                                                                0x00456fd3
                                                                                                                                                                                0x00456fd8
                                                                                                                                                                                0x00456fec

                                                                                                                                                                                APIs
                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00456FA2
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00456FB7
                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(0051BCE0), ref: 00456FC2
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 00456FDE
                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00456FE5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2579439406-0
                                                                                                                                                                                • Opcode ID: dae8808e2844de53dae41f92b29e3f4fc1baf063fbfcee6f5a19d921d93415a2
                                                                                                                                                                                • Instruction ID: 185bcfbf4be3dc7a61062cf976b791f04ca67b78da15fcb050acc9240d4305d4
                                                                                                                                                                                • Opcode Fuzzy Hash: dae8808e2844de53dae41f92b29e3f4fc1baf063fbfcee6f5a19d921d93415a2
                                                                                                                                                                                • Instruction Fuzzy Hash: 9321FFB88013489FE790DF29F8856543FA4FB28314F50925AE80987B60E7B4698CEF5D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004C8C80, Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004C8C80(intOrPtr _a4) {
				int _t2;
				intOrPtr _t3;
				intOrPtr _t4;
				struct HHOOK__* _t7;
				intOrPtr _t8;

				if(_a4 == 0) {
					if( *0x5bde20 == 1) {
						if( *0x5bde1c != 0) {
							_t7 =  *0x5bde1c; // 0x0
							_t2 = UnhookWindowsHookEx(_t7);
						}
						 *0x5bde1c = 0;
					}
					_t8 =  *0x5bde20; // 0x0
					 *0x5bde20 = _t8 - 1;
					return _t2;
				}
				if( *0x5bde20 == 0) {
					 *0x5bde1c = SetWindowsHookExW(2,  &M004C8BE0, 0, GetCurrentThreadId());
				}
				_t3 =  *0x5bde20; // 0x0
				_t4 = _t3 + 1;
				 *0x5bde20 = _t4;
				return _t4;
			}








                                                                                                                                                                                0x004c8c87
                                                                                                                                                                                0x004c8cc3
                                                                                                                                                                                0x004c8ccc
                                                                                                                                                                                0x004c8cce
                                                                                                                                                                                0x004c8cd5
                                                                                                                                                                                0x004c8cd5
                                                                                                                                                                                0x004c8cdb
                                                                                                                                                                                0x004c8cdb
                                                                                                                                                                                0x004c8ce5
                                                                                                                                                                                0x004c8cee
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004c8cee
                                                                                                                                                                                0x004c8c90
                                                                                                                                                                                0x004c8ca8
                                                                                                                                                                                0x004c8ca8
                                                                                                                                                                                0x004c8cad
                                                                                                                                                                                0x004c8cb2
                                                                                                                                                                                0x004c8cb5
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004C8C92
                                                                                                                                                                                • SetWindowsHookExW.USER32(00000002,004C8BE0,00000000,00000000), ref: 004C8CA2
                                                                                                                                                                                • UnhookWindowsHookEx.USER32(00000000), ref: 004C8CD5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HookWindows$CurrentThreadUnhook
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3577351977-0
                                                                                                                                                                                • Opcode ID: c2a1efb184e29ff7a91679816487362cc365b89fc6dfbf4b1139dcfb18d8a44d
                                                                                                                                                                                • Instruction ID: 78c62b7d4a257791ef89ff007e129983921d467873f45ba689db3b487d97da54
                                                                                                                                                                                • Opcode Fuzzy Hash: c2a1efb184e29ff7a91679816487362cc365b89fc6dfbf4b1139dcfb18d8a44d
                                                                                                                                                                                • Instruction Fuzzy Hash: 4CF0E7781002009FE7909F55EC09B6276B9B378305F10822EE5058E2A0EBBAB459EF79
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00502490, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                			E00502490(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				short _v22;
				short _v26;
				short _v30;
				short _v34;
				short _v36;
				char _v68;
				char _v69;
				signed int _t25;
				signed int _t26;
				short _t28;
				intOrPtr _t30;
				signed int _t54;

				_t53 = __esi;
				_t52 = __edi;
				_t39 = __ebx;
				_push(0xffffffff);
				_push(0x508795);
				_push( *[fs:0x0]);
				_t25 =  *0x561244; // 0x554c9ad9
				_t26 = _t25 ^ _t54;
				_v20 = _t26;
				_push(_t26);
				 *[fs:0x0] =  &_v16;
				if(_a4 != 0) {
					E00417A20(__ebx, _a4 + 4, __edi, __esi, 0, 0xffffffff);
				}
				_t28 =  *0x52aca4; // 0x0
				_v36 = _t28;
				_t40 = 0;
				_v34 = 0;
				_v30 = 0;
				_v26 = 0;
				_v22 = 0;
				_t51 =  &_v36;
				if(GetLocaleInfoW(0x400, 0x5a,  &_v36, 8) >= 2) {
					if(_a4 != 0) {
						E00417910( &_v36, E00434050( &_v69));
						_v8 = 0;
						E004181D0(_a4,  &_v68);
						_v8 = 0xffffffff;
						_t40 =  &_v68;
						E004176E0();
					}
					_t51 = _a8 & 0x000000ff;
					if((_a8 & 0x000000ff) == 0) {
						_t30 = 0;
					} else {
						_t30 = E00497500(_t40,  &_v36);
					}
				} else {
					_t30 = 0;
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t30, _t39, _v20 ^ _t54, _t51, _t52, _t53);
			}


















                                                                                                                                                                                0x00502490
                                                                                                                                                                                0x00502490
                                                                                                                                                                                0x00502490
                                                                                                                                                                                0x00502493
                                                                                                                                                                                0x00502495
                                                                                                                                                                                0x005024a0
                                                                                                                                                                                0x005024a4
                                                                                                                                                                                0x005024a9
                                                                                                                                                                                0x005024ab
                                                                                                                                                                                0x005024ae
                                                                                                                                                                                0x005024b2
                                                                                                                                                                                0x005024bc
                                                                                                                                                                                0x005024c8
                                                                                                                                                                                0x005024c8
                                                                                                                                                                                0x005024cd
                                                                                                                                                                                0x005024d3
                                                                                                                                                                                0x005024d7
                                                                                                                                                                                0x005024d9
                                                                                                                                                                                0x005024dc
                                                                                                                                                                                0x005024df
                                                                                                                                                                                0x005024e2
                                                                                                                                                                                0x005024e8
                                                                                                                                                                                0x005024fc
                                                                                                                                                                                0x00502506
                                                                                                                                                                                0x00502518
                                                                                                                                                                                0x0050251d
                                                                                                                                                                                0x0050252b
                                                                                                                                                                                0x00502530
                                                                                                                                                                                0x00502537
                                                                                                                                                                                0x0050253a
                                                                                                                                                                                0x0050253a
                                                                                                                                                                                0x0050253f
                                                                                                                                                                                0x00502545
                                                                                                                                                                                0x00502555
                                                                                                                                                                                0x00502547
                                                                                                                                                                                0x0050254b
                                                                                                                                                                                0x00502550
                                                                                                                                                                                0x005024fe
                                                                                                                                                                                0x005024fe
                                                                                                                                                                                0x005024fe
                                                                                                                                                                                0x0050255a
                                                                                                                                                                                0x0050256f

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000008,554C9AD9,?,00000000,00508795,000000FF,?,004E09FD,?,00000000,0000000C,0000005A,00000000), ref: 005024F3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                                                                • Opcode ID: 7d108936b4698204d426648dbcda340b10ded35e3497f49d485a21626d27aab5
                                                                                                                                                                                • Instruction ID: 22c70dcdf994eba1062f3603a9771be6de007e099f53124ee60974792897218f
                                                                                                                                                                                • Opcode Fuzzy Hash: 7d108936b4698204d426648dbcda340b10ded35e3497f49d485a21626d27aab5
                                                                                                                                                                                • Instruction Fuzzy Hash: A9217F71A04118EBDB04DFA4DC55BEEB7B4FF08314F10462EE516AB2D0EB345A05CB58
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00495470, Relevance: 31.6, APIs: 14, Strings: 4, Instructions: 139libraryloaderthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                			E00495470(void* __edi, short* _a4, short* _a8) {
				int _v8;
				int _v12;
				int _v16;
				void* _v20;
				struct HWND__* _v24;
				long _v28;
				intOrPtr _v32;
				int _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				struct HINSTANCE__* _v52;
				_Unknown_base(*)()* _v56;
				char _v128;
				void* _v132;
				signed short* _t47;
				int _t49;
				int _t56;
				int _t57;
				void* _t85;

				_t85 = __edi;
				if(_a4 == 0) {
					L2:
					return _t47;
				}
				_t47 = _a4;
				if(( *_t47 & 0x0000ffff) != 0) {
					_v20 = 0;
					_v16 = 0;
					_v12 = 0;
					_v8 = 0;
					_t49 = E00494F20(__eflags) & 0x000000ff;
					__eflags = _t49;
					if(_t49 != 0) {
						_v28 = 0;
						_t49 = FindWindowW(L"Progman", 0);
						_v24 = _t49;
						__eflags = _v24;
						if(_v24 != 0) {
							_t49 = GetWindowThreadProcessId(_v24,  &_v28);
						}
						__eflags = _v28;
						if(__eflags != 0) {
							_v32 = E00494F60(__eflags, _v28);
							_t49 = E00494F60(__eflags, GetCurrentProcessId());
							_v36 = _t49;
							__eflags = _v36 - 0x3000;
							if(_v36 == 0x3000) {
								__eflags = _v32 - 0x2000;
								if(_v32 == 0x2000) {
									_t49 = OpenProcess(0x1f0fff, 0, _v28);
									_v40 = _t49;
									__eflags = _v40;
									if(_v40 != 0) {
										_t56 = OpenProcessToken(_v40, 0xf01ff,  &_v44);
										__eflags = _t56;
										if(_t56 != 0) {
											_t57 = DuplicateTokenEx(_v44, 0xf01ff, 0, 2, 1,  &_v48);
											__eflags = _t57;
											if(_t57 != 0) {
												_v56 = 0;
												_v52 = LoadLibraryW(L"AdvApi32");
												__eflags = _v52;
												if(_v52 != 0) {
													_v56 = GetProcAddress(_v52, "CreateProcessAsUserW");
												}
												__eflags = _v56;
												if(_v56 != 0) {
													_v132 = 0;
													E00451D90(_t85,  &_v128, 0, 0x40);
													_v56(_v48, _a4, _a8, 0, 0, 1, 0, 0, 0,  &_v132,  &_v20);
												}
												__eflags = _v52;
												if(_v52 != 0) {
													FreeLibrary(_v52);
												}
												CloseHandle(_v48);
											}
											CloseHandle(_v44);
										}
										_t49 = CloseHandle(_v40);
									}
								}
							}
						}
					}
					__eflags = _v12;
					if(_v12 != 0) {
						return _t49;
					}
					return ShellExecuteW(0, L"open", _a4, _a8, 0, 5);
				}
				goto L2;
			}























                                                                                                                                                                                0x00495470
                                                                                                                                                                                0x0049547d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049547f
                                                                                                                                                                                0x00495487
                                                                                                                                                                                0x0049548e
                                                                                                                                                                                0x00495497
                                                                                                                                                                                0x0049549a
                                                                                                                                                                                0x0049549d
                                                                                                                                                                                0x004954a5
                                                                                                                                                                                0x004954a8
                                                                                                                                                                                0x004954aa
                                                                                                                                                                                0x004954b0
                                                                                                                                                                                0x004954be
                                                                                                                                                                                0x004954c4
                                                                                                                                                                                0x004954c7
                                                                                                                                                                                0x004954cb
                                                                                                                                                                                0x004954d5
                                                                                                                                                                                0x004954d5
                                                                                                                                                                                0x004954db
                                                                                                                                                                                0x004954df
                                                                                                                                                                                0x004954f1
                                                                                                                                                                                0x004954fb
                                                                                                                                                                                0x00495503
                                                                                                                                                                                0x00495506
                                                                                                                                                                                0x0049550d
                                                                                                                                                                                0x00495513
                                                                                                                                                                                0x0049551a
                                                                                                                                                                                0x0049552b
                                                                                                                                                                                0x00495531
                                                                                                                                                                                0x00495534
                                                                                                                                                                                0x00495538
                                                                                                                                                                                0x0049554b
                                                                                                                                                                                0x00495551
                                                                                                                                                                                0x00495553
                                                                                                                                                                                0x0049556c
                                                                                                                                                                                0x00495572
                                                                                                                                                                                0x00495574
                                                                                                                                                                                0x0049557a
                                                                                                                                                                                0x0049558c
                                                                                                                                                                                0x0049558f
                                                                                                                                                                                0x00495593
                                                                                                                                                                                0x004955a4
                                                                                                                                                                                0x004955a4
                                                                                                                                                                                0x004955a7
                                                                                                                                                                                0x004955ab
                                                                                                                                                                                0x004955ad
                                                                                                                                                                                0x004955bc
                                                                                                                                                                                0x004955e4
                                                                                                                                                                                0x004955e4
                                                                                                                                                                                0x004955e7
                                                                                                                                                                                0x004955eb
                                                                                                                                                                                0x004955f1
                                                                                                                                                                                0x004955f1
                                                                                                                                                                                0x004955fb
                                                                                                                                                                                0x004955fb
                                                                                                                                                                                0x00495605
                                                                                                                                                                                0x00495605
                                                                                                                                                                                0x0049560f
                                                                                                                                                                                0x0049560f
                                                                                                                                                                                0x00495538
                                                                                                                                                                                0x0049551a
                                                                                                                                                                                0x0049550d
                                                                                                                                                                                0x004954df
                                                                                                                                                                                0x00495615
                                                                                                                                                                                0x00495619
                                                                                                                                                                                0x00495637
                                                                                                                                                                                0x00495637
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0049562e
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • FindWindowW.USER32(Progman,00000000), ref: 004954BE
                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004954D5
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 004954F4
                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,00000000), ref: 0049552B
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,000F01FF,004DCC47), ref: 0049554B
                                                                                                                                                                                • DuplicateTokenEx.ADVAPI32(004DCC47,000F01FF,00000000,00000002,00000001,?), ref: 0049556C
                                                                                                                                                                                • LoadLibraryW.KERNEL32(AdvApi32), ref: 00495586
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateProcessAsUserW), ref: 0049559E
                                                                                                                                                                                • _memset.LIBCMT ref: 004955BC
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004955F1
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004955FB
                                                                                                                                                                                • CloseHandle.KERNEL32(004DCC47), ref: 00495605
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0049560F
                                                                                                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 0049562E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CloseHandle$LibraryOpenTokenWindow$AddressCurrentDuplicateExecuteFindFreeLoadProcShellThread_memset
                                                                                                                                                                                • String ID: AdvApi32$CreateProcessAsUserW$Progman$open
                                                                                                                                                                                • API String ID: 3124362906-4133358785
                                                                                                                                                                                • Opcode ID: c75cb5961ac8ebdc9207d7be92574acba839f84e1e4393d84f04d315e8a1b28b
                                                                                                                                                                                • Instruction ID: ede81cb90d584a8d042e1cf3f1dbbc8ceb3028ad12f52aa6004268a49ed220c0
                                                                                                                                                                                • Opcode Fuzzy Hash: c75cb5961ac8ebdc9207d7be92574acba839f84e1e4393d84f04d315e8a1b28b
                                                                                                                                                                                • Instruction Fuzzy Hash: BE514EB1A40208AFEF10DFA4DC49FEEBBB5BF58705F208429F605A62D0D7789944CB64
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040B8E0, Relevance: 25.7, APIs: 17, Instructions: 192COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                                                			E0040B8E0(void* __ebx, PAINTSTRUCT* __ecx, void* __edi, void* __esi, void* __eflags, int* _a16) {
				signed int _v8;
				struct tagPAINTSTRUCT _v76;
				struct tagRECT _v92;
				struct HBRUSH__* _v96;
				struct HDC__* _v100;
				struct tagPAINTSTRUCT _v164;
				struct HBITMAP__* _v168;
				struct tagRECT _v184;
				struct HDC__* _v188;
				struct HDC__* _v192;
				void* _v196;
				struct HBRUSH__* _v200;
				PAINTSTRUCT* _v204;
				intOrPtr* _v208;
				signed int _t75;
				void* _t80;
				void* _t123;
				void* _t169;
				void* _t170;
				signed int _t171;

				_t170 = __esi;
				_t169 = __edi;
				_t123 = __ebx;
				_t75 =  *0x561244; // 0x554c9ad9
				_v8 = _t75 ^ _t171;
				_v204 = __ecx;
				if((E00412640(_v204 + 0x70, 0) & 0x000000ff) == 0) {
					if(E0041D530(_v204 + 0x70) == 0 || ( *(_v204 + 0x98) >> 0x00000003 & 0x00000001) == 0) {
						_t154 = _a16;
						 *_a16 = 0;
						_t80 = 0;
					} else {
						_t154 = _v204;
						_v188 = BeginPaint( *(_v204 + 4),  &_v164);
						if(_v188 != 0) {
							E00416BC0(_v204 + 4,  &_v184);
							_v168 = CreateCompatibleBitmap(_v188, _v184.right - _v184.left, _v184.bottom - _v184.top);
							if(_v168 != 0) {
								_v192 = CreateCompatibleDC(_v188);
								if(_v192 != 0) {
									_v196 = SelectObject(_v192, _v168);
									if(_v196 != 0) {
										_v200 = CreateSolidBrush( *(_v204 + 0xcc));
										if(_v200 != 0) {
											FillRect(_v192,  &_v184, _v200);
											DeleteObject(_v200);
											_v208 = E0041D530(_v204 + 0x70);
											 *((intOrPtr*)( *((intOrPtr*)( *_v208 + 0xc))))(_v208, 1, 0xffffffff, 0, 0, 0, _v192, _v204 + 0xb4, _v204 + 0xb4, 0, 0);
											BitBlt(_v188, 0, 0, _v184.right, _v184.bottom, _v192, 0, 0, 0xcc0020);
										}
										SelectObject(_v192, _v196);
									}
									DeleteDC(_v192);
								}
								DeleteObject(_v168);
							}
							_t154 =  &_v164;
							EndPaint( *(_v204 + 4),  &_v164);
							_t80 = 1;
						} else {
							_t80 = 0;
						}
					}
				} else {
					_t154 = _v204;
					_v100 = BeginPaint( *(_v204 + 4),  &_v76);
					if(_v100 != 0) {
						E00416BC0(_v204 + 4,  &_v92);
						_v96 = CreateSolidBrush( *(_v204 + 0xcc));
						if(_v96 != 0) {
							FillRect(_v100,  &_v92, _v96);
							DeleteObject(_v96);
						}
						_t154 =  &_v76;
						EndPaint( *(_v204 + 4),  &_v76);
						_t80 = 1;
					} else {
						_t80 = 0;
					}
				}
				return E0044F6C8(_t80, _t123, _v8 ^ _t171, _t154, _t169, _t170);
			}























                                                                                                                                                                                0x0040b8e0
                                                                                                                                                                                0x0040b8e0
                                                                                                                                                                                0x0040b8e0
                                                                                                                                                                                0x0040b8e9
                                                                                                                                                                                0x0040b8f0
                                                                                                                                                                                0x0040b8f3
                                                                                                                                                                                0x0040b90e
                                                                                                                                                                                0x0040b9b0
                                                                                                                                                                                0x0040bbab
                                                                                                                                                                                0x0040bbae
                                                                                                                                                                                0x0040bbb4
                                                                                                                                                                                0x0040b9ce
                                                                                                                                                                                0x0040b9d5
                                                                                                                                                                                0x0040b9e5
                                                                                                                                                                                0x0040b9f2
                                                                                                                                                                                0x0040ba0b
                                                                                                                                                                                0x0040ba37
                                                                                                                                                                                0x0040ba44
                                                                                                                                                                                0x0040ba57
                                                                                                                                                                                0x0040ba64
                                                                                                                                                                                0x0040ba7e
                                                                                                                                                                                0x0040ba8b
                                                                                                                                                                                0x0040baa4
                                                                                                                                                                                0x0040bab1
                                                                                                                                                                                0x0040bacc
                                                                                                                                                                                0x0040bad9
                                                                                                                                                                                0x0040baed
                                                                                                                                                                                0x0040bb33
                                                                                                                                                                                0x0040bb5e
                                                                                                                                                                                0x0040bb5e
                                                                                                                                                                                0x0040bb72
                                                                                                                                                                                0x0040bb72
                                                                                                                                                                                0x0040bb7f
                                                                                                                                                                                0x0040bb7f
                                                                                                                                                                                0x0040bb8c
                                                                                                                                                                                0x0040bb8c
                                                                                                                                                                                0x0040bb92
                                                                                                                                                                                0x0040bba3
                                                                                                                                                                                0x0040bbb8
                                                                                                                                                                                0x0040b9f4
                                                                                                                                                                                0x0040b9f4
                                                                                                                                                                                0x0040b9f4
                                                                                                                                                                                0x0040b9f2
                                                                                                                                                                                0x0040b914
                                                                                                                                                                                0x0040b918
                                                                                                                                                                                0x0040b928
                                                                                                                                                                                0x0040b92f
                                                                                                                                                                                0x0040b945
                                                                                                                                                                                0x0040b95d
                                                                                                                                                                                0x0040b964
                                                                                                                                                                                0x0040b972
                                                                                                                                                                                0x0040b97c
                                                                                                                                                                                0x0040b97c
                                                                                                                                                                                0x0040b982
                                                                                                                                                                                0x0040b990
                                                                                                                                                                                0x0040b996
                                                                                                                                                                                0x0040b931
                                                                                                                                                                                0x0040b931
                                                                                                                                                                                0x0040b931
                                                                                                                                                                                0x0040b92f
                                                                                                                                                                                0x0040bbca

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Paint$Begin$BrushCreateDeleteFillObjectRectSolid
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1228145086-0
                                                                                                                                                                                • Opcode ID: 979a330e3920737d0a737c78428a28417167aafa3c480625b42e8417f8bfcf09
                                                                                                                                                                                • Instruction ID: 07e828fef3e79d3fcd88d721f4db20fa4bdc09ad6a6a4917d27f04c689f7129b
                                                                                                                                                                                • Opcode Fuzzy Hash: 979a330e3920737d0a737c78428a28417167aafa3c480625b42e8417f8bfcf09
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B81FA71A00218DFEB64DBA4CC58F9AB775FB48304F0086D9E60DA7290DB74AE84CF59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00415CA0, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 206COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                			E00415CA0(struct HWND__** __ecx, struct HWND__* _a4) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				struct tagRECT _v36;
				signed int _v40;
				struct HWND__* _v44;
				struct tagRECT _v60;
				struct tagRECT _v76;
				struct HMONITOR__* _v80;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				struct tagMONITORINFO _v120;
				int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				struct HWND__** _v140;
				long _t106;
				struct HMONITOR__* _t144;
				intOrPtr _t188;

				_v140 = __ecx;
				_v40 = E00416C00(_v140);
				if(_a4 == 0) {
					if((_v40 & 0x40000000) == 0) {
						_a4 = GetWindow( *_v140, 4);
					} else {
						_a4 = GetParent( *_v140);
					}
				}
				_t106 = GetWindowRect( *_v140,  &_v60);
				if((_v40 & 0x40000000) != 0) {
					_v44 = GetParent( *_v140);
					GetClientRect(_v44,  &_v76);
					GetClientRect(_a4,  &_v36);
					MapWindowPoints(_a4, _v44,  &_v36, 2);
					L24:
					_v16 = _v60.right - _v60.left;
					_t188 = _v60.bottom - _v60.top;
					_v20 = _t188;
					asm("cdq");
					asm("cdq");
					_v12 = (_v36.left + _v36.right - _t188 >> 1) - (_v16 - _t188 >> 1);
					asm("cdq");
					asm("cdq");
					_v8 = (_v36.top + _v36.bottom - _t188 >> 1) - (_v20 - _t188 >> 1);
					if(_v12 + _v16 > _v76.right) {
						_v12 = _v76.right - _v16;
					}
					if(_v12 < _v76.left) {
						_v12 = _v76.left;
					}
					if(_v8 + _v20 > _v76.bottom) {
						_v8 = _v76.bottom - _v20;
					}
					if(_v8 < _v76.top) {
						_v8 = _v76.top;
					}
					return SetWindowPos( *_v140, 0, _v12, _v8, 0xffffffff, 0xffffffff, 0x15);
				}
				if(_a4 != 0) {
					_t106 = GetWindowLongW(_a4, 0xfffffff0);
					_v128 = _t106;
					if((_v128 & 0x10000000) == 0 || (_v128 & 0x20000000) != 0) {
						_a4 = 0;
					}
				}
				_v80 = 0;
				if(_a4 == 0) {
					__imp__MonitorFromWindow( *_v140, 2);
					_v80 = _t106;
				} else {
					_t144 = _a4;
					__imp__MonitorFromWindow(_t144, 2);
					_v80 = _t144;
				}
				while(1) {
					_v132 = 0 | _v80 != 0x00000000;
					if(_v132 == 0) {
						break;
					}
					if(0 != 0) {
						continue;
					}
					_v120.cbSize = 0x28;
					_v124 = GetMonitorInfoW(_v80,  &_v120);
					while(1) {
						_v136 = 0 | _v124 != 0x00000000;
						if(_v136 == 0) {
							break;
						}
						if(0 != 0) {
							continue;
						}
						_v76.left = _v120.rcWork;
						_v76.top = _v96;
						_v76.right = _v92;
						_v76.bottom = _v88;
						if(_a4 != 0) {
							GetWindowRect(_a4,  &_v36);
						} else {
							_v36.left = _v76.left;
							_v36.top = _v76.top;
							_v36.right = _v76.right;
							_v36.bottom = _v76.bottom;
						}
						goto L24;
					}
					return 0;
				}
				return 0;
			}

























                                                                                                                                                                                0x00415ca9
                                                                                                                                                                                0x00415cba
                                                                                                                                                                                0x00415cc1
                                                                                                                                                                                0x00415ccb
                                                                                                                                                                                0x00415cf2
                                                                                                                                                                                0x00415ccd
                                                                                                                                                                                0x00415cdc
                                                                                                                                                                                0x00415cdc
                                                                                                                                                                                0x00415ccb
                                                                                                                                                                                0x00415d02
                                                                                                                                                                                0x00415d11
                                                                                                                                                                                0x00415e2a
                                                                                                                                                                                0x00415e35
                                                                                                                                                                                0x00415e43
                                                                                                                                                                                0x00415e57
                                                                                                                                                                                0x00415e5d
                                                                                                                                                                                0x00415e63
                                                                                                                                                                                0x00415e69
                                                                                                                                                                                0x00415e6c
                                                                                                                                                                                0x00415e75
                                                                                                                                                                                0x00415e7f
                                                                                                                                                                                0x00415e86
                                                                                                                                                                                0x00415e8f
                                                                                                                                                                                0x00415e99
                                                                                                                                                                                0x00415ea0
                                                                                                                                                                                0x00415eac
                                                                                                                                                                                0x00415eb4
                                                                                                                                                                                0x00415eb4
                                                                                                                                                                                0x00415ebd
                                                                                                                                                                                0x00415ec2
                                                                                                                                                                                0x00415ec2
                                                                                                                                                                                0x00415ece
                                                                                                                                                                                0x00415ed6
                                                                                                                                                                                0x00415ed6
                                                                                                                                                                                0x00415edf
                                                                                                                                                                                0x00415ee4
                                                                                                                                                                                0x00415ee4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00415f00
                                                                                                                                                                                0x00415d1b
                                                                                                                                                                                0x00415d23
                                                                                                                                                                                0x00415d29
                                                                                                                                                                                0x00415d35
                                                                                                                                                                                0x00415d42
                                                                                                                                                                                0x00415d42
                                                                                                                                                                                0x00415d35
                                                                                                                                                                                0x00415d49
                                                                                                                                                                                0x00415d54
                                                                                                                                                                                0x00415d72
                                                                                                                                                                                0x00415d78
                                                                                                                                                                                0x00415d56
                                                                                                                                                                                0x00415d58
                                                                                                                                                                                0x00415d5c
                                                                                                                                                                                0x00415d62
                                                                                                                                                                                0x00415d62
                                                                                                                                                                                0x00415d7b
                                                                                                                                                                                0x00415d84
                                                                                                                                                                                0x00415d8b
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00415d96
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00415d98
                                                                                                                                                                                0x00415dad
                                                                                                                                                                                0x00415db0
                                                                                                                                                                                0x00415db9
                                                                                                                                                                                0x00415dc6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00415dd1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00415dd6
                                                                                                                                                                                0x00415ddc
                                                                                                                                                                                0x00415de2
                                                                                                                                                                                0x00415de8
                                                                                                                                                                                0x00415def
                                                                                                                                                                                0x00415e13
                                                                                                                                                                                0x00415df1
                                                                                                                                                                                0x00415df4
                                                                                                                                                                                0x00415dfa
                                                                                                                                                                                0x00415e00
                                                                                                                                                                                0x00415e06
                                                                                                                                                                                0x00415e06
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00415e19
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00415dc8
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00416C00: GetWindowLongW.USER32(?,000000F0), ref: 00416C0F
                                                                                                                                                                                • GetParent.USER32 ref: 00415CD6
                                                                                                                                                                                • GetWindow.USER32(?,00000004), ref: 00415CEC
                                                                                                                                                                                • GetWindowRect.USER32 ref: 00415D02
                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00415D23
                                                                                                                                                                                • MonitorFromWindow.USER32(00000000,00000002), ref: 00415D5C
                                                                                                                                                                                • MonitorFromWindow.USER32(?,00000002), ref: 00415D72
                                                                                                                                                                                • GetMonitorInfoW.USER32 ref: 00415DA7
                                                                                                                                                                                • GetWindowRect.USER32 ref: 00415E13
                                                                                                                                                                                • GetParent.USER32(?), ref: 00415E24
                                                                                                                                                                                • GetClientRect.USER32 ref: 00415E35
                                                                                                                                                                                • GetClientRect.USER32 ref: 00415E43
                                                                                                                                                                                • MapWindowPoints.USER32 ref: 00415E57
                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,000000FF,000000FF,00000015,?,?), ref: 00415F00
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$Monitor$ClientFromLongParent$InfoPoints
                                                                                                                                                                                • String ID: (
                                                                                                                                                                                • API String ID: 882428731-3887548279
                                                                                                                                                                                • Opcode ID: 371a9545e01ad43f0f03d9c5f56726953ec5271821ee1bc8f5d6ecfa1c19fa72
                                                                                                                                                                                • Instruction ID: caefe87467c79b1c1a426f3a6a43e1fc539b6a4d89845f412648e92d68bc3b50
                                                                                                                                                                                • Opcode Fuzzy Hash: 371a9545e01ad43f0f03d9c5f56726953ec5271821ee1bc8f5d6ecfa1c19fa72
                                                                                                                                                                                • Instruction Fuzzy Hash: 1591C674D00608DFDF14CFA8D988AEEBBB6BB88304F24C159E516A7394DB349A85CF54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00494F60, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 98memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00494F60(void* __eflags, char _a4) {
				long _v8;
				void* _v12;
				void* _v16;
				void** _v20;
				long _v24;
				char* _v28;

				_v8 = 0x3000;
				if((E00494F20(__eflags) & 0x000000ff) != 0) {
					_v16 = 0;
					_t3 =  &_a4; // 0x4954ee
					_v12 = OpenProcess(0x1f0fff, 0,  *_t3);
					if(_v12 != 0) {
						if(OpenProcessToken(_v12, 0xf01ff,  &_v16) != 0) {
							_v20 = 0;
							_v24 = 0;
							if(GetTokenInformation(_v16, 0x19, 0, 0,  &_v24) == 0 && GetLastError() == 0x7a && _v24 != 0) {
								_v20 = HeapAlloc(GetProcessHeap(), 0, _v24);
							}
							if(_v20 != 0 && GetTokenInformation(_v16, 0x19, _v20, _v24,  &_v24) != 0) {
								_v28 = GetSidSubAuthorityCount( *_v20);
								if(_v28 != 0) {
									_v8 =  *(GetSidSubAuthority( *_v20, ( *_v28 & 0x000000ff) - 1));
								}
							}
							if(_v20 != 0) {
								HeapFree(GetProcessHeap(), 0, _v20);
							}
							CloseHandle(_v16);
						}
						CloseHandle(_v12);
					}
				}
				return _v8;
			}









                                                                                                                                                                                0x00494f66
                                                                                                                                                                                0x00494f77
                                                                                                                                                                                0x00494f7d
                                                                                                                                                                                0x00494f84
                                                                                                                                                                                0x00494f95
                                                                                                                                                                                0x00494f9c
                                                                                                                                                                                0x00494fb7
                                                                                                                                                                                0x00494fbd
                                                                                                                                                                                0x00494fc4
                                                                                                                                                                                0x00494fe1
                                                                                                                                                                                0x00495007
                                                                                                                                                                                0x00495007
                                                                                                                                                                                0x0049500e
                                                                                                                                                                                0x00495038
                                                                                                                                                                                0x0049503f
                                                                                                                                                                                0x00495059
                                                                                                                                                                                0x00495059
                                                                                                                                                                                0x0049503f
                                                                                                                                                                                0x00495060
                                                                                                                                                                                0x0049506f
                                                                                                                                                                                0x0049506f
                                                                                                                                                                                0x00495079
                                                                                                                                                                                0x00495079
                                                                                                                                                                                0x00495083
                                                                                                                                                                                0x00495083
                                                                                                                                                                                0x00494f9c
                                                                                                                                                                                0x0049508f

                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,TI), ref: 00494F8F
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,000F01FF,00000000), ref: 00494FAF
                                                                                                                                                                                • GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00494FD9
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00494FE3
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00494FFA
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00495001
                                                                                                                                                                                • GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00495022
                                                                                                                                                                                • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 00495032
                                                                                                                                                                                • GetSidSubAuthority.ADVAPI32(00000000), ref: 00495051
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00495068
                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0049506F
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00495079
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00495083
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HeapProcess$Token$AuthorityCloseHandleInformationOpen$AllocCountErrorFreeLast
                                                                                                                                                                                • String ID: TI
                                                                                                                                                                                • API String ID: 450452593-904328696
                                                                                                                                                                                • Opcode ID: 383203ce0c10d7db99602d8c6fbeb3b5862c58af5cfa7231f5a60be066de4712
                                                                                                                                                                                • Instruction ID: edd17054b5bd476a9413c6e0e80b0268b284cd7ee6b01c9050d968d219a2ff58
                                                                                                                                                                                • Opcode Fuzzy Hash: 383203ce0c10d7db99602d8c6fbeb3b5862c58af5cfa7231f5a60be066de4712
                                                                                                                                                                                • Instruction Fuzzy Hash: 0A412A74A00209EFEB14DFE4DC48BBFBBB8BB48305F208559E611A7290C7749A44DBA1
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00411B30, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 160COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                			E00411B30(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v16;
				void* _v20;
				signed int _v28;
				signed int _v32;
				intOrPtr _v40;
				char _v48;
				signed int _v52;
				char _v124;
				signed char _v129;
				signed char _v130;
				signed int _v131;
				signed char _v132;
				short _v136;
				void _v152;
				struct HDC__* _v156;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed short _v174;
				short _v176;
				intOrPtr _v180;
				signed int _v184;
				intOrPtr _v188;
				char _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				signed int _t79;
				signed int _t80;
				intOrPtr _t84;
				signed int _t101;
				void* _t118;
				intOrPtr _t138;
				void* _t148;
				void* _t149;
				signed int _t150;

				_t149 = __esi;
				_t148 = __edi;
				_t142 = __edx;
				_t118 = __ebx;
				_push(0xffffffff);
				_push(0x513f18);
				_push( *[fs:0x0]);
				_t79 =  *0x561244; // 0x554c9ad9
				_t80 = _t79 ^ _t150;
				_v52 = _t80;
				_push(_t80);
				 *[fs:0x0] =  &_v16;
				if(_a8 != 0) {
					 *_a8 = 0;
					if((E00412640(_a4 + 0x8c, 0) & 0x000000ff) == 0) {
						L17:
						_t84 = E0040F0D0(_a4 + 0x8c, _a8);
					} else {
						_v40 = E00417320();
						_t129 =  &_v48;
						E00413100( &_v48);
						_v8 = 0;
						_v20 = GetStockObject(0x11);
						if(_v20 == 0) {
							_v20 = GetStockObject(0xd);
						}
						if(_v20 != 0) {
							GetObjectW(_v20, 0x5c,  &_v152);
							_v192 = 0x20;
							_v188 = E00415110( &_v124);
							_v176 = _v136;
							_v174 = _v129 & 0x000000ff;
							_v172 = _v132 & 0x000000ff;
							_t142 = _v131 & 0x000000ff;
							_v168 = _v131 & 0x000000ff;
							_v164 = _v130 & 0x000000ff;
							_t132 = _v152;
							_v28 = _v152;
							if(_v28 < 0) {
								_t142 =  ~_v28;
								_v28 =  ~_v28;
							}
							if( *(_a4 - 0x48) == 0) {
								_v156 = GetDC(GetDesktopWindow());
								if(_v156 != 0) {
									_v32 = GetDeviceCaps(_v156, 0x5a);
									ReleaseDC(GetDesktopWindow(), _v156);
									goto L16;
								} else {
									_v204 = E00411B10(_t132);
									_v8 = 0xffffffff;
									E00417350( &_v48);
									_t84 = _v204;
								}
							} else {
								_t138 = _a4;
								_t142 =  *(_t138 - 0x48);
								_v156 = GetDC( *(_t138 - 0x48));
								if(_v156 != 0) {
									_v32 = GetDeviceCaps(_v156, 0x5a);
									ReleaseDC( *(_a4 - 0x48), _v156);
									L16:
									_t101 = _v28 * 0xafc80;
									asm("cdq");
									_t142 = _t101 % _v32;
									_v184 = _t101 / _v32;
									_v180 = 0;
									__imp__#420( &_v192, 0x53bb74, E00434050(_a4 + 0x8c));
									_v8 = 0xffffffff;
									E00417350( &_v48);
									goto L17;
								} else {
									_v200 = E00411B10(_t138);
									_v8 = 0xffffffff;
									E00417350( &_v48);
									_t84 = _v200;
								}
							}
						} else {
							_v196 = E00411B10(_t129);
							_v8 = 0xffffffff;
							E00417350( &_v48);
							_t84 = _v196;
						}
					}
				} else {
					_t84 = 0x80004003;
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t84, _t118, _v52 ^ _t150, _t142, _t148, _t149);
			}








































                                                                                                                                                                                0x00411b30
                                                                                                                                                                                0x00411b30
                                                                                                                                                                                0x00411b30
                                                                                                                                                                                0x00411b30
                                                                                                                                                                                0x00411b33
                                                                                                                                                                                0x00411b35
                                                                                                                                                                                0x00411b40
                                                                                                                                                                                0x00411b47
                                                                                                                                                                                0x00411b4c
                                                                                                                                                                                0x00411b4e
                                                                                                                                                                                0x00411b51
                                                                                                                                                                                0x00411b55
                                                                                                                                                                                0x00411b5f
                                                                                                                                                                                0x00411b6e
                                                                                                                                                                                0x00411b89
                                                                                                                                                                                0x00411d91
                                                                                                                                                                                0x00411d9e
                                                                                                                                                                                0x00411b8f
                                                                                                                                                                                0x00411b94
                                                                                                                                                                                0x00411b97
                                                                                                                                                                                0x00411b9a
                                                                                                                                                                                0x00411b9f
                                                                                                                                                                                0x00411bae
                                                                                                                                                                                0x00411bb5
                                                                                                                                                                                0x00411bbf
                                                                                                                                                                                0x00411bbf
                                                                                                                                                                                0x00411bc6
                                                                                                                                                                                0x00411bfa
                                                                                                                                                                                0x00411c00
                                                                                                                                                                                0x00411c16
                                                                                                                                                                                0x00411c23
                                                                                                                                                                                0x00411c2f
                                                                                                                                                                                0x00411c3a
                                                                                                                                                                                0x00411c40
                                                                                                                                                                                0x00411c44
                                                                                                                                                                                0x00411c4e
                                                                                                                                                                                0x00411c54
                                                                                                                                                                                0x00411c5a
                                                                                                                                                                                0x00411c61
                                                                                                                                                                                0x00411c66
                                                                                                                                                                                0x00411c68
                                                                                                                                                                                0x00411c68
                                                                                                                                                                                0x00411c72
                                                                                                                                                                                0x00411cea
                                                                                                                                                                                0x00411cf7
                                                                                                                                                                                0x00411d2d
                                                                                                                                                                                0x00411d3e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00411cf9
                                                                                                                                                                                0x00411cfe
                                                                                                                                                                                0x00411d04
                                                                                                                                                                                0x00411d0e
                                                                                                                                                                                0x00411d13
                                                                                                                                                                                0x00411d13
                                                                                                                                                                                0x00411c74
                                                                                                                                                                                0x00411c74
                                                                                                                                                                                0x00411c77
                                                                                                                                                                                0x00411c81
                                                                                                                                                                                0x00411c8e
                                                                                                                                                                                0x00411cc4
                                                                                                                                                                                0x00411cd5
                                                                                                                                                                                0x00411d44
                                                                                                                                                                                0x00411d47
                                                                                                                                                                                0x00411d4d
                                                                                                                                                                                0x00411d4e
                                                                                                                                                                                0x00411d51
                                                                                                                                                                                0x00411d57
                                                                                                                                                                                0x00411d7c
                                                                                                                                                                                0x00411d82
                                                                                                                                                                                0x00411d8c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00411c90
                                                                                                                                                                                0x00411c95
                                                                                                                                                                                0x00411c9b
                                                                                                                                                                                0x00411ca5
                                                                                                                                                                                0x00411caa
                                                                                                                                                                                0x00411caa
                                                                                                                                                                                0x00411c8e
                                                                                                                                                                                0x00411bc8
                                                                                                                                                                                0x00411bcd
                                                                                                                                                                                0x00411bd3
                                                                                                                                                                                0x00411bdd
                                                                                                                                                                                0x00411be2
                                                                                                                                                                                0x00411be2
                                                                                                                                                                                0x00411bc6
                                                                                                                                                                                0x00411b61
                                                                                                                                                                                0x00411b61
                                                                                                                                                                                0x00411b61
                                                                                                                                                                                0x00411da6
                                                                                                                                                                                0x00411dbb

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00411BA8
                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 00411BB9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectStock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3428563643-3916222277
                                                                                                                                                                                • Opcode ID: 9b1a264db2cb702789ca39313b2bd7c77a772eeb26aab85bd3ebce3a5b6c2027
                                                                                                                                                                                • Instruction ID: 7b6f1a3cd9b7b8c1032d4b7fe158fce2d146cc943c6786df9d5a46ae891e121d
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b1a264db2cb702789ca39313b2bd7c77a772eeb26aab85bd3ebce3a5b6c2027
                                                                                                                                                                                • Instruction Fuzzy Hash: C0713A74D04218DFDB14DFA4D855BEEBBB0FF08310F10829AE629A7291DB785A84CF55
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F3900, Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 372COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                			E004F3900(void* __ebx, signed int* __ecx, signed int __edx, void* __edi, void* __fp0, intOrPtr _a8, signed int _a12) {
				char _v8;
				char _v16;
				signed int _v17;
				signed int _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v64;
				char _v68;
				char _v100;
				intOrPtr _v104;
				char _v622;
				short _v624;
				signed int _v632;
				char _v640;
				intOrPtr _v652;
				intOrPtr _v656;
				char* _v660;
				WCHAR* _v664;
				intOrPtr _v668;
				char _v672;
				signed int _v676;
				char _v696;
				char _v700;
				char _v704;
				char _v708;
				char _v712;
				char _v744;
				char _v745;
				char _v746;
				signed int _v747;
				char _v780;
				char _v781;
				signed int* _v788;
				intOrPtr _v792;
				void* __esi;
				signed int _t148;
				signed int _t149;
				signed int* _t155;
				signed char _t157;
				void* _t161;
				short _t170;
				signed int _t174;
				void* _t180;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int* _t225;
				signed int _t226;
				signed int _t228;
				void* _t229;
				void* _t238;
				signed int* _t262;
				void* _t339;
				void* _t341;
				signed int _t342;
				void* _t343;
				void* _t344;
				void* _t346;
				void* _t352;

				_t352 = __fp0;
				_t339 = __edi;
				_t323 = __edx;
				_t238 = __ebx;
				_push(0xffffffff);
				_push(0x511013);
				_push( *[fs:0x0]);
				_t344 = _t343 - 0x308;
				_t148 =  *0x561244; // 0x554c9ad9
				_t149 = _t148 ^ _t342;
				_v36 = _t149;
				_push(_t340);
				_push(_t149);
				 *[fs:0x0] =  &_v16;
				_v788 = __ecx;
				if(_a8 == 1 || _a8 == 2) {
					if(E004150F0(0x5c1160) != _a12) {
						_v17 = E00404730(0x5c1160, 0xffffffff);
						E004D5110(_t238, _t339, _t340, _a12);
						_push(0);
						_push(0);
						_push(1);
						_push(0x2e);
						_push(0xffffffff);
						_t155 = E00416210( &(_v788[0x21]),  &_v704);
						_t323 =  *_t155;
						_push( *_t155);
						_push(0x5be034);
						E0049C910();
						_t344 = _t344 + 0x20;
						_t340 = _v17 & 0x000000ff;
						_t157 = E00404730(0x5c1160, 0xffffffff);
						__eflags = (_v17 & 0x000000ff) - (_t157 & 0x000000ff);
						if((_v17 & 0x000000ff) != (_t157 & 0x000000ff)) {
							_v24 = E00416BE0(E00416210( &(_v788[0x21]),  &_v708)) ^ 0x00003000;
							_t323 = _v24;
							__eflags =  &(_v788[0x21]);
							E00415FF0(E00416210( &(_v788[0x21]),  &_v712), 0xffffffec, _v24);
						}
						E00417910(L"UIL", E00434050( &_v745));
						_v8 = 0;
						_t161 = E004150F0(0x5c1160);
						E005018F0(E00501CE0(), __eflags,  &_v744, _t161);
						_v8 = 0xffffffff;
						E004176E0();
						__eflags = _a8 - 1;
						if(_a8 != 1) {
							E00417660( &_v68, E00406870( &(_v788[0x47]), _v788[0x4b]));
							_v8 = 2;
							_v32 = E00405200( &_v64, __eflags, L"&lang=", 0);
							__eflags = _v32 - 0xffffffff;
							if(_v32 != 0xffffffff) {
								_v32 = _v32 + 6;
								_v104 = E004468C0( &_v64, 0x26, _v32);
								__eflags = _v104 - 0xffffffff;
								if(_v104 == 0xffffffff) {
									_v104 = E0042E0C0( &_v64);
								}
								E004175C0(E00434050( &_v746));
								_v8 = 3;
								E00405370( &_v100, E004150F0(0x5c1160), 0xa);
								__eflags =  &_v100;
								if( &_v100 == 0) {
									_v792 = 0;
								} else {
									_v792 =  &_v100 + 4;
								}
								E004051A0( &_v64, _v32, _v104 - _v32, _v792);
								_t323 = _v788[0x4b];
								__eflags =  &(_v788[0x47]);
								E004181D0(E00406870( &(_v788[0x47]), _v788[0x4b]),  &_v68);
								E004F0B90(_t238, _v788, _v788[0x4b], _t339, _t340, _v788[0x4b]);
								_v8 = 2;
								E004176E0();
							}
							_v8 = 0xffffffff;
							E004176E0();
							goto L19;
						}
						E00414C90();
						_v8 = 1;
						_t225 = _v788;
						_t323 =  *( *(_t225 + 0x5c));
						_t226 =  *( *( *(_t225 + 0x5c)))( &(_v788[0x17]), E00434050( &_v28));
						__eflags = _t226;
						if(_t226 == 0) {
							_t228 = E0041D530( &_v28);
							__eflags = _t228;
							if(_t228 != 0) {
								_t229 = E0041D530( &_v28);
								E004F9110(_t238, E00404AE0(), _t323, _t339, _t340, __eflags, _t229);
							}
						}
						_v8 = 0xffffffff;
						E0040D320();
						goto L19;
					} else {
						_t170 = 0;
						goto L38;
					}
				} else {
					L19:
					__eflags = _a8 - 3;
					if(_a8 == 3) {
						_v624 = 0;
						E00451D90(_t339,  &_v622, 0, 0x206);
						_t346 = _t344 + 0xc;
						E00416A10( &_v640);
						_v8 = 4;
						 *((intOrPtr*)( *((intOrPtr*)( *_v788 + 0x80))))(_v788, L"getBrowse", 0, 0,  &_v640);
						__eflags = _v632;
						if(_v632 != 0) {
							E0045184A( &_v624, _v632);
							_t346 = _t346 + 8;
						}
						_t192 = _v788[0x21];
						_v672 = _t192;
						_v668 = 0;
						_v664 =  &_v624;
						_v660 = L"Select Directory";
						_v656 = 3;
						_v652 = 0;
						_t323 =  &_v672;
						__imp__SHBrowseForFolderW( &_v672);
						_v676 = _t192;
						__eflags = _v676;
						if(_v676 != 0) {
							_t194 =  &_v624;
							__imp__SHGetPathFromIDListW(_v676, _t194);
							__eflags = _t194;
							if(_t194 != 0) {
								_t196 = StrStrIW( &_v624, E00403C30(0x5be390));
								__eflags = _t196;
								if(_t196 == 0) {
									PathAddBackslashW( &_v624);
									E0045181C( &_v624, E00403C30(0x5be390));
								}
								E004169E0( &_v696,  &_v624);
								_v8 = 5;
								_t323 =  *_v788;
								 *((intOrPtr*)( *((intOrPtr*)( *_v788 + 0x80))))(_v788, L"setBrowse",  &_v696, 1, 0);
								_v8 = 4;
								E00417430( &_v696);
							}
						}
						_v8 = 0xffffffff;
						E00417430( &_v640);
					}
					__eflags = _a8 - 4;
					if(_a8 == 4) {
						__eflags = _a12;
						if(_a12 != 0) {
							E00416A50( &_v700,  *_a12);
							_v8 = 6;
							E00417910(_v700, E00434050( &_v781));
							_v8 = 7;
							_t180 = E004F2A70(_t238, _v788, _t339, _t340, _t352,  &_v780, 1);
							__eflags = _t180 - 0xa;
							_v747 = 0 | _t180 == 0x0000000a;
							_v8 = 6;
							E004176E0();
							_t323 = _v747 & 0x000000ff;
							__eflags = _v747 & 0x000000ff;
							if((_v747 & 0x000000ff) != 0) {
								__eflags =  &(_v788[0x4d]);
								E00415F90( &_v700, E00416A30( &(_v788[0x4d])));
								E00415F50( &_v700, _a12);
							}
							_v8 = 0xffffffff;
							E00417300( &_v700);
						}
					}
					__eflags = _a8 - 5;
					if(_a8 == 5) {
						_t262 = _v788;
						_t323 =  *(_t262 + 0xf4) & 0x000000ff;
						__eflags =  *(_t262 + 0xf4) & 0x000000ff;
						if(( *(_t262 + 0xf4) & 0x000000ff) == 0) {
							_t323 = _v788;
							_t174 =  *((intOrPtr*)( *((intOrPtr*)( *_v788 + 0x28))))(_v788);
							__eflags = _t174;
							if(_t174 == 0) {
								 *0x5bdd20 = 2;
								E004EFD20(_v788);
							}
						}
					}
					_t170 = 0;
					__eflags = 0;
					L38:
					 *[fs:0x0] = _v16;
					_pop(_t341);
					return E0044F6C8(_t170, _t238, _v36 ^ _t342, _t323, _t339, _t341);
				}
			}































































                                                                                                                                                                                0x004f3900
                                                                                                                                                                                0x004f3900
                                                                                                                                                                                0x004f3900
                                                                                                                                                                                0x004f3900
                                                                                                                                                                                0x004f3903
                                                                                                                                                                                0x004f3905
                                                                                                                                                                                0x004f3910
                                                                                                                                                                                0x004f3911
                                                                                                                                                                                0x004f3917
                                                                                                                                                                                0x004f391c
                                                                                                                                                                                0x004f391e
                                                                                                                                                                                0x004f3921
                                                                                                                                                                                0x004f3922
                                                                                                                                                                                0x004f3926
                                                                                                                                                                                0x004f392c
                                                                                                                                                                                0x004f3936
                                                                                                                                                                                0x004f394f
                                                                                                                                                                                0x004f3964
                                                                                                                                                                                0x004f396b
                                                                                                                                                                                0x004f3973
                                                                                                                                                                                0x004f3975
                                                                                                                                                                                0x004f3977
                                                                                                                                                                                0x004f3979
                                                                                                                                                                                0x004f397b
                                                                                                                                                                                0x004f3990
                                                                                                                                                                                0x004f3995
                                                                                                                                                                                0x004f3997
                                                                                                                                                                                0x004f3998
                                                                                                                                                                                0x004f399d
                                                                                                                                                                                0x004f39a2
                                                                                                                                                                                0x004f39a5
                                                                                                                                                                                0x004f39b0
                                                                                                                                                                                0x004f39b8
                                                                                                                                                                                0x004f39ba
                                                                                                                                                                                0x004f39e0
                                                                                                                                                                                0x004f39e3
                                                                                                                                                                                0x004f39f6
                                                                                                                                                                                0x004f3a03
                                                                                                                                                                                0x004f3a03
                                                                                                                                                                                0x004f3a1f
                                                                                                                                                                                0x004f3a24
                                                                                                                                                                                0x004f3a30
                                                                                                                                                                                0x004f3a44
                                                                                                                                                                                0x004f3a49
                                                                                                                                                                                0x004f3a56
                                                                                                                                                                                0x004f3a5b
                                                                                                                                                                                0x004f3a5f
                                                                                                                                                                                0x004f3aeb
                                                                                                                                                                                0x004f3af0
                                                                                                                                                                                0x004f3b06
                                                                                                                                                                                0x004f3b09
                                                                                                                                                                                0x004f3b0d
                                                                                                                                                                                0x004f3b19
                                                                                                                                                                                0x004f3b2a
                                                                                                                                                                                0x004f3b2d
                                                                                                                                                                                0x004f3b31
                                                                                                                                                                                0x004f3b3b
                                                                                                                                                                                0x004f3b3b
                                                                                                                                                                                0x004f3b4d
                                                                                                                                                                                0x004f3b52
                                                                                                                                                                                0x004f3b66
                                                                                                                                                                                0x004f3b6e
                                                                                                                                                                                0x004f3b70
                                                                                                                                                                                0x004f3b80
                                                                                                                                                                                0x004f3b72
                                                                                                                                                                                0x004f3b78
                                                                                                                                                                                0x004f3b78
                                                                                                                                                                                0x004f3b9f
                                                                                                                                                                                0x004f3bae
                                                                                                                                                                                0x004f3bbb
                                                                                                                                                                                0x004f3bc8
                                                                                                                                                                                0x004f3be0
                                                                                                                                                                                0x004f3be5
                                                                                                                                                                                0x004f3bec
                                                                                                                                                                                0x004f3bec
                                                                                                                                                                                0x004f3bf1
                                                                                                                                                                                0x004f3bfb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f3bfb
                                                                                                                                                                                0x004f3a64
                                                                                                                                                                                0x004f3a69
                                                                                                                                                                                0x004f3a82
                                                                                                                                                                                0x004f3a8c
                                                                                                                                                                                0x004f3a8e
                                                                                                                                                                                0x004f3a90
                                                                                                                                                                                0x004f3a92
                                                                                                                                                                                0x004f3a97
                                                                                                                                                                                0x004f3a9c
                                                                                                                                                                                0x004f3a9e
                                                                                                                                                                                0x004f3aa3
                                                                                                                                                                                0x004f3ab0
                                                                                                                                                                                0x004f3ab0
                                                                                                                                                                                0x004f3a9e
                                                                                                                                                                                0x004f3ab5
                                                                                                                                                                                0x004f3abf
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f3951
                                                                                                                                                                                0x004f3951
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f3951
                                                                                                                                                                                0x004f3c00
                                                                                                                                                                                0x004f3c00
                                                                                                                                                                                0x004f3c00
                                                                                                                                                                                0x004f3c04
                                                                                                                                                                                0x004f3c0c
                                                                                                                                                                                0x004f3c21
                                                                                                                                                                                0x004f3c26
                                                                                                                                                                                0x004f3c2f
                                                                                                                                                                                0x004f3c34
                                                                                                                                                                                0x004f3c60
                                                                                                                                                                                0x004f3c62
                                                                                                                                                                                0x004f3c69
                                                                                                                                                                                0x004f3c79
                                                                                                                                                                                0x004f3c7e
                                                                                                                                                                                0x004f3c7e
                                                                                                                                                                                0x004f3c87
                                                                                                                                                                                0x004f3c8d
                                                                                                                                                                                0x004f3c93
                                                                                                                                                                                0x004f3ca3
                                                                                                                                                                                0x004f3ca9
                                                                                                                                                                                0x004f3cb3
                                                                                                                                                                                0x004f3cbd
                                                                                                                                                                                0x004f3cc7
                                                                                                                                                                                0x004f3cce
                                                                                                                                                                                0x004f3cd4
                                                                                                                                                                                0x004f3cda
                                                                                                                                                                                0x004f3ce1
                                                                                                                                                                                0x004f3ce7
                                                                                                                                                                                0x004f3cf5
                                                                                                                                                                                0x004f3cfb
                                                                                                                                                                                0x004f3cfd
                                                                                                                                                                                0x004f3d15
                                                                                                                                                                                0x004f3d1b
                                                                                                                                                                                0x004f3d1d
                                                                                                                                                                                0x004f3d26
                                                                                                                                                                                0x004f3d3e
                                                                                                                                                                                0x004f3d43
                                                                                                                                                                                0x004f3d53
                                                                                                                                                                                0x004f3d58
                                                                                                                                                                                0x004f3d72
                                                                                                                                                                                0x004f3d81
                                                                                                                                                                                0x004f3d83
                                                                                                                                                                                0x004f3d8d
                                                                                                                                                                                0x004f3d8d
                                                                                                                                                                                0x004f3cfd
                                                                                                                                                                                0x004f3d92
                                                                                                                                                                                0x004f3d9f
                                                                                                                                                                                0x004f3d9f
                                                                                                                                                                                0x004f3da4
                                                                                                                                                                                0x004f3da8
                                                                                                                                                                                0x004f3dae
                                                                                                                                                                                0x004f3db2
                                                                                                                                                                                0x004f3dc4
                                                                                                                                                                                0x004f3dc9
                                                                                                                                                                                0x004f3de9
                                                                                                                                                                                0x004f3dee
                                                                                                                                                                                0x004f3e01
                                                                                                                                                                                0x004f3e08
                                                                                                                                                                                0x004f3e0e
                                                                                                                                                                                0x004f3e14
                                                                                                                                                                                0x004f3e1e
                                                                                                                                                                                0x004f3e23
                                                                                                                                                                                0x004f3e2a
                                                                                                                                                                                0x004f3e2c
                                                                                                                                                                                0x004f3e34
                                                                                                                                                                                0x004f3e46
                                                                                                                                                                                0x004f3e55
                                                                                                                                                                                0x004f3e55
                                                                                                                                                                                0x004f3e5a
                                                                                                                                                                                0x004f3e67
                                                                                                                                                                                0x004f3e67
                                                                                                                                                                                0x004f3db2
                                                                                                                                                                                0x004f3e6c
                                                                                                                                                                                0x004f3e70
                                                                                                                                                                                0x004f3e72
                                                                                                                                                                                0x004f3e78
                                                                                                                                                                                0x004f3e7f
                                                                                                                                                                                0x004f3e81
                                                                                                                                                                                0x004f3e8b
                                                                                                                                                                                0x004f3e95
                                                                                                                                                                                0x004f3e97
                                                                                                                                                                                0x004f3e99
                                                                                                                                                                                0x004f3e9b
                                                                                                                                                                                0x004f3eab
                                                                                                                                                                                0x004f3eab
                                                                                                                                                                                0x004f3e99
                                                                                                                                                                                0x004f3e81
                                                                                                                                                                                0x004f3eb0
                                                                                                                                                                                0x004f3eb0
                                                                                                                                                                                0x004f3eb2
                                                                                                                                                                                0x004f3eb5
                                                                                                                                                                                0x004f3ebd
                                                                                                                                                                                0x004f3ecb
                                                                                                                                                                                0x004f3ecb

                                                                                                                                                                                APIs
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F3AA9
                                                                                                                                                                                  • Part of subcall function 00416BE0: GetWindowLongW.USER32(00000000,000000EC), ref: 00416BEF
                                                                                                                                                                                  • Part of subcall function 00415FF0: SetWindowLongW.USER32 ref: 00416005
                                                                                                                                                                                • _memset.LIBCMT ref: 004F3C21
                                                                                                                                                                                • _wcscpy.LIBCMT ref: 004F3C79
                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 004F3CCE
                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 004F3CF5
                                                                                                                                                                                • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,?,?,00000000), ref: 004F3D15
                                                                                                                                                                                • PathAddBackslashW.SHLWAPI(?,?,?,?,?,?,?,00000000), ref: 004F3D26
                                                                                                                                                                                • _wcscat.LIBCMT ref: 004F3D3E
                                                                                                                                                                                  • Part of subcall function 00416210: GetParent.USER32(-00000084), ref: 0041621D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LongPathWindow$BackslashBrowseFolderFromImmortalizeListParent_memset_wcscat_wcscpy
                                                                                                                                                                                • String ID: &lang=$UIL$getBrowse$setBrowse
                                                                                                                                                                                • API String ID: 2266113042-1634581760
                                                                                                                                                                                • Opcode ID: c06cd0efeb2e2004a4648acc1ff3cbb8c19ce51fe864f3e90ee47e5fb374a57f
                                                                                                                                                                                • Instruction ID: 34c5fbb723b45cc8b5dfb8bcc746612e15db10846e2642f8c25bc08d6d22922c
                                                                                                                                                                                • Opcode Fuzzy Hash: c06cd0efeb2e2004a4648acc1ff3cbb8c19ce51fe864f3e90ee47e5fb374a57f
                                                                                                                                                                                • Instruction Fuzzy Hash: 6BF16D709042189BCB28EFA5CC55BEEB779AF44304F1085AEE119A72D1DB786F84CF58
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00412D60, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 141registrywindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                			E00412D60(void* __edi, void* __eflags) {
				struct HINSTANCE__* _v8;
				char _v16;
				char _v24;
				int _v28;
				struct _WNDCLASSEXW _v76;
				signed int _v80;
				signed int _v84;
				struct HINSTANCE__* _v88;
				struct HINSTANCE__* _v92;
				signed int _t62;
				WCHAR* _t70;
				struct HINSTANCE__* _t75;
				WCHAR* _t77;
				void* _t112;
				signed int _t113;
				void* _t117;

				_t117 = __eflags;
				_t111 = __edi;
				_push(0xffffffff);
				_push(0x5183b8);
				_push( *[fs:0x0]);
				_t62 =  *0x561244; // 0x554c9ad9
				_push(_t62 ^ _t113);
				 *[fs:0x0] =  &_v16;
				E00416D10( &_v24, 0x5bc850, 0);
				_v8 = 0;
				if(E00416DB0( &_v24, _t117) >= 0) {
					 *0x5c1b04 = RegisterWindowMessageW(L"WM_ATLGETHOST");
					 *0x5c1b08 = RegisterWindowMessageW(L"WM_ATLGETCONTROL");
					_v76.cbSize = 0x30;
					_t70 = E0040B160();
					_v28 = GetClassInfoExW(E004150F0(0x5bc878), _t70,  &_v76);
					__eflags = _v28;
					if(_v28 == 0) {
						_v76.cbSize = 0x30;
						_v76.style = 8;
						_v76.lpfnWndProc =  &M004F1120;
						_v76.cbClsExtra = 0;
						_v76.cbWndExtra = 0;
						_v76.hInstance = E004150F0(0x5bc878);
						_v76.hIcon = 0;
						_v76.hCursor = LoadCursorW(0, 0x7f00);
						_v76.hbrBackground = 6;
						_v76.lpszMenuName = 0;
						_v76.lpszClassName = E0040B160();
						_v76.hIconSm = 0;
						_v80 = RegisterClassExW( &_v76);
						__eflags = _v80 & 0x0000ffff;
						if((_v80 & 0x0000ffff) == 0) {
							_v28 = 0;
						} else {
							E00414570(0x5bc86c, __edi, _t112,  &_v80);
							_v28 = 1;
						}
					}
					__eflags = _v28;
					if(_v28 != 0) {
						E00451D90(_t111,  &_v76, 0, 0x30);
						_v76.cbSize = 0x30;
						_t77 = E00412D50();
						_v28 = GetClassInfoExW(E004150F0(0x5bc878), _t77,  &_v76);
						__eflags = _v28;
						if(_v28 == 0) {
							_v76.cbSize = 0x30;
							_v76.style = 8;
							_v76.lpfnWndProc =  &M004F1DE0;
							_v76.cbClsExtra = 0;
							_v76.cbWndExtra = 0;
							_v76.hInstance = E004150F0(0x5bc878);
							_v76.hIcon = 0;
							_v76.hCursor = LoadCursorW(0, 0x7f00);
							_v76.hbrBackground = 6;
							_v76.lpszMenuName = 0;
							_v76.lpszClassName = E00412D50();
							_v76.hIconSm = 0;
							_v84 = RegisterClassExW( &_v76);
							__eflags = _v84 & 0x0000ffff;
							if((_v84 & 0x0000ffff) == 0) {
								_v28 = 0;
							} else {
								E00414570(0x5bc86c, _t111, _t112,  &_v84);
								_v28 = 1;
							}
						}
					}
					_v92 = _v28;
					_v8 = 0xffffffff;
					E00416D90( &_v24);
					_t75 = _v92;
					goto L12;
				} else {
					_v88 = 0;
					_v8 = 0xffffffff;
					E00416D90( &_v24);
					_t75 = _v88;
					L12:
					 *[fs:0x0] = _v16;
					return _t75;
				}
			}



















                                                                                                                                                                                0x00412d60
                                                                                                                                                                                0x00412d60
                                                                                                                                                                                0x00412d63
                                                                                                                                                                                0x00412d65
                                                                                                                                                                                0x00412d70
                                                                                                                                                                                0x00412d74
                                                                                                                                                                                0x00412d7b
                                                                                                                                                                                0x00412d7f
                                                                                                                                                                                0x00412d8f
                                                                                                                                                                                0x00412d94
                                                                                                                                                                                0x00412da5
                                                                                                                                                                                0x00412dd0
                                                                                                                                                                                0x00412de0
                                                                                                                                                                                0x00412de5
                                                                                                                                                                                0x00412df0
                                                                                                                                                                                0x00412e07
                                                                                                                                                                                0x00412e0a
                                                                                                                                                                                0x00412e0e
                                                                                                                                                                                0x00412e14
                                                                                                                                                                                0x00412e1b
                                                                                                                                                                                0x00412e22
                                                                                                                                                                                0x00412e29
                                                                                                                                                                                0x00412e30
                                                                                                                                                                                0x00412e41
                                                                                                                                                                                0x00412e44
                                                                                                                                                                                0x00412e58
                                                                                                                                                                                0x00412e5b
                                                                                                                                                                                0x00412e62
                                                                                                                                                                                0x00412e6e
                                                                                                                                                                                0x00412e71
                                                                                                                                                                                0x00412e82
                                                                                                                                                                                0x00412e8a
                                                                                                                                                                                0x00412e8c
                                                                                                                                                                                0x00412ea5
                                                                                                                                                                                0x00412e8e
                                                                                                                                                                                0x00412e97
                                                                                                                                                                                0x00412e9c
                                                                                                                                                                                0x00412e9c
                                                                                                                                                                                0x00412e8c
                                                                                                                                                                                0x00412eac
                                                                                                                                                                                0x00412eb0
                                                                                                                                                                                0x00412ebe
                                                                                                                                                                                0x00412ec6
                                                                                                                                                                                0x00412ed1
                                                                                                                                                                                0x00412ee8
                                                                                                                                                                                0x00412eeb
                                                                                                                                                                                0x00412eef
                                                                                                                                                                                0x00412ef5
                                                                                                                                                                                0x00412efc
                                                                                                                                                                                0x00412f03
                                                                                                                                                                                0x00412f0a
                                                                                                                                                                                0x00412f11
                                                                                                                                                                                0x00412f22
                                                                                                                                                                                0x00412f25
                                                                                                                                                                                0x00412f39
                                                                                                                                                                                0x00412f3c
                                                                                                                                                                                0x00412f43
                                                                                                                                                                                0x00412f4f
                                                                                                                                                                                0x00412f52
                                                                                                                                                                                0x00412f63
                                                                                                                                                                                0x00412f6b
                                                                                                                                                                                0x00412f6d
                                                                                                                                                                                0x00412f86
                                                                                                                                                                                0x00412f6f
                                                                                                                                                                                0x00412f78
                                                                                                                                                                                0x00412f7d
                                                                                                                                                                                0x00412f7d
                                                                                                                                                                                0x00412f6d
                                                                                                                                                                                0x00412eef
                                                                                                                                                                                0x00412f90
                                                                                                                                                                                0x00412f93
                                                                                                                                                                                0x00412f9d
                                                                                                                                                                                0x00412fa2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00412da7
                                                                                                                                                                                0x00412da7
                                                                                                                                                                                0x00412dae
                                                                                                                                                                                0x00412db8
                                                                                                                                                                                0x00412dbd
                                                                                                                                                                                0x00412fa5
                                                                                                                                                                                0x00412fa8
                                                                                                                                                                                0x00412fb3
                                                                                                                                                                                0x00412fb3

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegisterWindowMessageW.USER32(WM_ATLGETHOST,005BC850,00000000,554C9AD9,?,?,?,?,?,?,?,?,?,00000000,005183B8,000000FF), ref: 00412DCA
                                                                                                                                                                                • RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,00000000,005183B8,000000FF,?,0040A2D8,00409C40), ref: 00412DDA
                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 00412E01
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00412E52
                                                                                                                                                                                • RegisterClassExW.USER32 ref: 00412E7C
                                                                                                                                                                                • _memset.LIBCMT ref: 00412EBE
                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 00412EE2
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00412F33
                                                                                                                                                                                • RegisterClassExW.USER32 ref: 00412F5D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassRegister$CursorInfoLoadMessageWindow$_memset
                                                                                                                                                                                • String ID: 0$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                                • API String ID: 1979984324-556241384
                                                                                                                                                                                • Opcode ID: 98de1ba3a8d8b56333b70a12dcfd8303c53db3e348be417c87b99f726e3b13e3
                                                                                                                                                                                • Instruction ID: 258aefe00074db0959d0ba01dbe9fda0cd94ce505775ef1cbfd49d6b95fdbca9
                                                                                                                                                                                • Opcode Fuzzy Hash: 98de1ba3a8d8b56333b70a12dcfd8303c53db3e348be417c87b99f726e3b13e3
                                                                                                                                                                                • Instruction Fuzzy Hash: AE51E4B0D002099FEB10DFE5D9597EEBFB4FF08305F10411AE505B6290EBB95989CBA9
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00420290, Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 387memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                			E00420290(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v64;
				char _v92;
				intOrPtr _v96;
				signed int _t94;
				intOrPtr* _t103;
				intOrPtr* _t104;
				char* _t107;
				intOrPtr* _t113;
				intOrPtr* _t117;
				char* _t122;
				intOrPtr* _t125;
				intOrPtr* _t134;
				intOrPtr* _t137;
				intOrPtr* _t149;
				char* _t156;
				intOrPtr* _t159;
				intOrPtr* _t168;
				intOrPtr* _t171;
				intOrPtr* _t184;
				intOrPtr* _t187;
				intOrPtr* _t188;
				signed int _t291;
				void* _t292;
				void* _t293;
				void* _t295;
				void* _t300;
				void* _t304;
				void* _t306;
				void* _t323;
				void* _t325;

				_push(0xffffffff);
				_push(0x517298);
				_push( *[fs:0x0]);
				_t293 = _t292 - 0x50;
				_t94 =  *0x561244; // 0x554c9ad9
				_push(_t94 ^ _t291);
				 *[fs:0x0] =  &_v16;
				_v96 = __ecx;
				if(E00420CF0(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
					E004134D0( &_v92, "map/set<T> too long");
					_v8 = 0;
					E00413D50( &_v92);
					E00456A4C( &_v64, 0x544b50);
					_v8 = 0xffffffff;
					E00413C20( &_v92);
				}
				_v20 = E00420EC0( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0);
				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
					__eflags = _a8 & 0x000000ff;
					if((_a8 & 0x000000ff) == 0) {
						_t103 = E00441910(_a12);
						_t293 = _t293 + 4;
						 *_t103 = _v20;
						_t104 = E00433720(_v96);
						__eflags = _a12 -  *_t104;
						if(_a12 ==  *_t104) {
							 *((intOrPtr*)(E00433720(_v96))) = _v20;
						}
					} else {
						_t187 = E00415110(_a12);
						_t293 = _t293 + 4;
						 *_t187 = _v20;
						_t188 = E00433680(_v96);
						__eflags = _a12 -  *_t188;
						if(_a12 ==  *_t188) {
							 *((intOrPtr*)(E00433680(_v96))) = _v20;
						}
					}
				} else {
					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
					 *((intOrPtr*)(E00433680(_v96))) = _v20;
					 *((intOrPtr*)(E00433720(_v96))) = _v20;
				}
				_v24 = _v20;
				while(1) {
					_t107 = E00420150( *((intOrPtr*)(E0042AE30(_v24))));
					_t295 = _t293 + 8;
					if( *_t107 != 0) {
						break;
					}
					_t113 = E0042AE30(_v24);
					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
					_t300 = _t295 + 0x10;
					if( *_t113 !=  *_t117) {
						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t122 = E00420150(_a12);
						_t304 = _t300 + 0x10;
						__eflags =  *_t122;
						if( *_t122 != 0) {
							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
							_t306 = _t304 + 8;
							__eflags = _v24 -  *_t125;
							if(_v24 ==  *_t125) {
								_t137 = E0042AE30(_v24);
								_t306 = _t306 + 4;
								_v24 =  *_t137;
								E004208B0(_v96, __eflags, _v24);
							}
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t306 + 0x1c;
							E00420700(_v96, __eflags,  *_t134);
						} else {
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00420150(_a12))) = 1;
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t304 + 0x20;
							_v24 =  *_t149;
						}
					} else {
						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t156 = E00420150(_a12);
						_t323 = _t300 + 0x10;
						if( *_t156 != 0) {
							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
							_t325 = _t323 + 8;
							__eflags = _v24 -  *_t159;
							if(_v24 ==  *_t159) {
								_t171 = E0042AE30(_v24);
								_t325 = _t325 + 4;
								_v24 =  *_t171;
								E00420700(_v96, __eflags, _v24);
							}
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t325 + 0x1c;
							E004208B0(_v96, __eflags,  *_t168);
						} else {
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00420150(_a12))) = 1;
							 *((char*)(E00420150( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t323 + 0x20;
							_v24 =  *_t184;
						}
					}
				}
				 *((char*)(E00420150( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
				E00445360(_a4, _v20);
				 *[fs:0x0] = _v16;
				return _a4;
			}





































                                                                                                                                                                                0x00420293
                                                                                                                                                                                0x00420295
                                                                                                                                                                                0x004202a0
                                                                                                                                                                                0x004202a1
                                                                                                                                                                                0x004202a5
                                                                                                                                                                                0x004202ac
                                                                                                                                                                                0x004202b0
                                                                                                                                                                                0x004202b6
                                                                                                                                                                                0x004202ca
                                                                                                                                                                                0x004202d4
                                                                                                                                                                                0x004202d9
                                                                                                                                                                                0x004202e7
                                                                                                                                                                                0x004202f5
                                                                                                                                                                                0x004202fa
                                                                                                                                                                                0x00420304
                                                                                                                                                                                0x00420304
                                                                                                                                                                                0x00420329
                                                                                                                                                                                0x00420338
                                                                                                                                                                                0x00420344
                                                                                                                                                                                0x00420373
                                                                                                                                                                                0x00420375
                                                                                                                                                                                0x004203aa
                                                                                                                                                                                0x004203af
                                                                                                                                                                                0x004203b5
                                                                                                                                                                                0x004203ba
                                                                                                                                                                                0x004203c2
                                                                                                                                                                                0x004203c4
                                                                                                                                                                                0x004203d1
                                                                                                                                                                                0x004203d1
                                                                                                                                                                                0x00420377
                                                                                                                                                                                0x0042037b
                                                                                                                                                                                0x00420380
                                                                                                                                                                                0x00420386
                                                                                                                                                                                0x0042038b
                                                                                                                                                                                0x00420393
                                                                                                                                                                                0x00420395
                                                                                                                                                                                0x004203a2
                                                                                                                                                                                0x004203a2
                                                                                                                                                                                0x004203a4
                                                                                                                                                                                0x00420346
                                                                                                                                                                                0x00420351
                                                                                                                                                                                0x0042035e
                                                                                                                                                                                0x0042036b
                                                                                                                                                                                0x0042036b
                                                                                                                                                                                0x004203d6
                                                                                                                                                                                0x004203d9
                                                                                                                                                                                0x004203e8
                                                                                                                                                                                0x004203ed
                                                                                                                                                                                0x004203f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004203ff
                                                                                                                                                                                0x00420423
                                                                                                                                                                                0x00420428
                                                                                                                                                                                0x0042042f
                                                                                                                                                                                0x004205a3
                                                                                                                                                                                0x004205aa
                                                                                                                                                                                0x004205af
                                                                                                                                                                                0x004205b5
                                                                                                                                                                                0x004205b7
                                                                                                                                                                                0x00420637
                                                                                                                                                                                0x0042063c
                                                                                                                                                                                0x00420642
                                                                                                                                                                                0x00420644
                                                                                                                                                                                0x0042064a
                                                                                                                                                                                0x0042064f
                                                                                                                                                                                0x00420654
                                                                                                                                                                                0x0042065e
                                                                                                                                                                                0x0042065e
                                                                                                                                                                                0x0042067a
                                                                                                                                                                                0x0042069f
                                                                                                                                                                                0x004206b1
                                                                                                                                                                                0x004206b6
                                                                                                                                                                                0x004206bf
                                                                                                                                                                                0x004205b9
                                                                                                                                                                                0x004205d0
                                                                                                                                                                                0x004205df
                                                                                                                                                                                0x00420604
                                                                                                                                                                                0x00420616
                                                                                                                                                                                0x0042061b
                                                                                                                                                                                0x00420620
                                                                                                                                                                                0x00420620
                                                                                                                                                                                0x00420435
                                                                                                                                                                                0x00420459
                                                                                                                                                                                0x00420460
                                                                                                                                                                                0x00420465
                                                                                                                                                                                0x0042046d
                                                                                                                                                                                0x004204ed
                                                                                                                                                                                0x004204f2
                                                                                                                                                                                0x004204f8
                                                                                                                                                                                0x004204fa
                                                                                                                                                                                0x00420500
                                                                                                                                                                                0x00420505
                                                                                                                                                                                0x0042050a
                                                                                                                                                                                0x00420514
                                                                                                                                                                                0x00420514
                                                                                                                                                                                0x00420530
                                                                                                                                                                                0x00420555
                                                                                                                                                                                0x00420567
                                                                                                                                                                                0x0042056c
                                                                                                                                                                                0x00420575
                                                                                                                                                                                0x0042046f
                                                                                                                                                                                0x00420486
                                                                                                                                                                                0x00420495
                                                                                                                                                                                0x004204ba
                                                                                                                                                                                0x004204cc
                                                                                                                                                                                0x004204d1
                                                                                                                                                                                0x004204d6
                                                                                                                                                                                0x004204d6
                                                                                                                                                                                0x0042057a
                                                                                                                                                                                0x004206c4
                                                                                                                                                                                0x004206dc
                                                                                                                                                                                0x004206e6
                                                                                                                                                                                0x004206f1
                                                                                                                                                                                0x004206fd

                                                                                                                                                                                APIs
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 004202F5
                                                                                                                                                                                  • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00420349
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00420356
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00420363
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0042038B
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0042039A
                                                                                                                                                                                  • Part of subcall function 004208B0: HandleT.LIBCPMTD ref: 00420944
                                                                                                                                                                                  • Part of subcall function 004208B0: HandleT.LIBCPMTD ref: 00420953
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 004203BA
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 004203C9
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 004206CC
                                                                                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 004206E6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                                                • String ID: map/set<T> too long
                                                                                                                                                                                • API String ID: 3699313741-1285458680
                                                                                                                                                                                • Opcode ID: ad2dffa54098eee553e5d828587db46679a889422e0d2e0b931740327440f885
                                                                                                                                                                                • Instruction ID: 7913f4163ca43ad304d3f35ed371cff260fae5cd150668d2e043dfa50577e44d
                                                                                                                                                                                • Opcode Fuzzy Hash: ad2dffa54098eee553e5d828587db46679a889422e0d2e0b931740327440f885
                                                                                                                                                                                • Instruction Fuzzy Hash: FEE1A3F5E001549FDB04EFA1F882A6F73B6AF84308F54446DE8059B352D639E911CBA6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00431A00, Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 387memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                			E00431A00(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v64;
				char _v92;
				intOrPtr _v96;
				signed int _t94;
				intOrPtr* _t103;
				intOrPtr* _t104;
				char* _t107;
				intOrPtr* _t113;
				intOrPtr* _t117;
				char* _t122;
				intOrPtr* _t125;
				intOrPtr* _t134;
				intOrPtr* _t137;
				intOrPtr* _t149;
				char* _t156;
				intOrPtr* _t159;
				intOrPtr* _t168;
				intOrPtr* _t171;
				intOrPtr* _t184;
				intOrPtr* _t187;
				intOrPtr* _t188;
				signed int _t291;
				void* _t292;
				void* _t293;
				void* _t295;
				void* _t300;
				void* _t304;
				void* _t306;
				void* _t323;
				void* _t325;

				_push(0xffffffff);
				_push(0x517298);
				_push( *[fs:0x0]);
				_t293 = _t292 - 0x50;
				_t94 =  *0x561244; // 0x554c9ad9
				_push(_t94 ^ _t291);
				 *[fs:0x0] =  &_v16;
				_v96 = __ecx;
				if(E00431E90(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
					E004134D0( &_v92, "map/set<T> too long");
					_v8 = 0;
					E00413D50( &_v92);
					E00456A4C( &_v64, 0x544b50);
					_v8 = 0xffffffff;
					E00413C20( &_v92);
				}
				_v20 = E00431F40( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0);
				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
					__eflags = _a8 & 0x000000ff;
					if((_a8 & 0x000000ff) == 0) {
						_t103 = E00441910(_a12);
						_t293 = _t293 + 4;
						 *_t103 = _v20;
						_t104 = E00433720(_v96);
						__eflags = _a12 -  *_t104;
						if(_a12 ==  *_t104) {
							 *((intOrPtr*)(E00433720(_v96))) = _v20;
						}
					} else {
						_t187 = E00415110(_a12);
						_t293 = _t293 + 4;
						 *_t187 = _v20;
						_t188 = E00433680(_v96);
						__eflags = _a12 -  *_t188;
						if(_a12 ==  *_t188) {
							 *((intOrPtr*)(E00433680(_v96))) = _v20;
						}
					}
				} else {
					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
					 *((intOrPtr*)(E00433680(_v96))) = _v20;
					 *((intOrPtr*)(E00433720(_v96))) = _v20;
				}
				_v24 = _v20;
				while(1) {
					_t107 = E00409110( *((intOrPtr*)(E0042AE30(_v24))));
					_t295 = _t293 + 8;
					if( *_t107 != 0) {
						break;
					}
					_t113 = E0042AE30(_v24);
					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
					_t300 = _t295 + 0x10;
					if( *_t113 !=  *_t117) {
						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t122 = E00409110(_a12);
						_t304 = _t300 + 0x10;
						__eflags =  *_t122;
						if( *_t122 != 0) {
							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
							_t306 = _t304 + 8;
							__eflags = _v24 -  *_t125;
							if(_v24 ==  *_t125) {
								_t137 = E0042AE30(_v24);
								_t306 = _t306 + 4;
								_v24 =  *_t137;
								E00409350(_v96, __eflags, _v24);
							}
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t306 + 0x1c;
							E004091A0(_v96, __eflags,  *_t134);
						} else {
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00409110(_a12))) = 1;
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t304 + 0x20;
							_v24 =  *_t149;
						}
					} else {
						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t156 = E00409110(_a12);
						_t323 = _t300 + 0x10;
						if( *_t156 != 0) {
							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
							_t325 = _t323 + 8;
							__eflags = _v24 -  *_t159;
							if(_v24 ==  *_t159) {
								_t171 = E0042AE30(_v24);
								_t325 = _t325 + 4;
								_v24 =  *_t171;
								E004091A0(_v96, __eflags, _v24);
							}
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t325 + 0x1c;
							E00409350(_v96, __eflags,  *_t168);
						} else {
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E00409110(_a12))) = 1;
							 *((char*)(E00409110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t323 + 0x20;
							_v24 =  *_t184;
						}
					}
				}
				 *((char*)(E00409110( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
				E00445360(_a4, _v20);
				 *[fs:0x0] = _v16;
				return _a4;
			}





































                                                                                                                                                                                0x00431a03
                                                                                                                                                                                0x00431a05
                                                                                                                                                                                0x00431a10
                                                                                                                                                                                0x00431a11
                                                                                                                                                                                0x00431a15
                                                                                                                                                                                0x00431a1c
                                                                                                                                                                                0x00431a20
                                                                                                                                                                                0x00431a26
                                                                                                                                                                                0x00431a3a
                                                                                                                                                                                0x00431a44
                                                                                                                                                                                0x00431a49
                                                                                                                                                                                0x00431a57
                                                                                                                                                                                0x00431a65
                                                                                                                                                                                0x00431a6a
                                                                                                                                                                                0x00431a74
                                                                                                                                                                                0x00431a74
                                                                                                                                                                                0x00431a99
                                                                                                                                                                                0x00431aa8
                                                                                                                                                                                0x00431ab4
                                                                                                                                                                                0x00431ae3
                                                                                                                                                                                0x00431ae5
                                                                                                                                                                                0x00431b1a
                                                                                                                                                                                0x00431b1f
                                                                                                                                                                                0x00431b25
                                                                                                                                                                                0x00431b2a
                                                                                                                                                                                0x00431b32
                                                                                                                                                                                0x00431b34
                                                                                                                                                                                0x00431b41
                                                                                                                                                                                0x00431b41
                                                                                                                                                                                0x00431ae7
                                                                                                                                                                                0x00431aeb
                                                                                                                                                                                0x00431af0
                                                                                                                                                                                0x00431af6
                                                                                                                                                                                0x00431afb
                                                                                                                                                                                0x00431b03
                                                                                                                                                                                0x00431b05
                                                                                                                                                                                0x00431b12
                                                                                                                                                                                0x00431b12
                                                                                                                                                                                0x00431b14
                                                                                                                                                                                0x00431ab6
                                                                                                                                                                                0x00431ac1
                                                                                                                                                                                0x00431ace
                                                                                                                                                                                0x00431adb
                                                                                                                                                                                0x00431adb
                                                                                                                                                                                0x00431b46
                                                                                                                                                                                0x00431b49
                                                                                                                                                                                0x00431b58
                                                                                                                                                                                0x00431b5d
                                                                                                                                                                                0x00431b65
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00431b6f
                                                                                                                                                                                0x00431b93
                                                                                                                                                                                0x00431b98
                                                                                                                                                                                0x00431b9f
                                                                                                                                                                                0x00431d13
                                                                                                                                                                                0x00431d1a
                                                                                                                                                                                0x00431d1f
                                                                                                                                                                                0x00431d25
                                                                                                                                                                                0x00431d27
                                                                                                                                                                                0x00431da7
                                                                                                                                                                                0x00431dac
                                                                                                                                                                                0x00431db2
                                                                                                                                                                                0x00431db4
                                                                                                                                                                                0x00431dba
                                                                                                                                                                                0x00431dbf
                                                                                                                                                                                0x00431dc4
                                                                                                                                                                                0x00431dce
                                                                                                                                                                                0x00431dce
                                                                                                                                                                                0x00431dea
                                                                                                                                                                                0x00431e0f
                                                                                                                                                                                0x00431e21
                                                                                                                                                                                0x00431e26
                                                                                                                                                                                0x00431e2f
                                                                                                                                                                                0x00431d29
                                                                                                                                                                                0x00431d40
                                                                                                                                                                                0x00431d4f
                                                                                                                                                                                0x00431d74
                                                                                                                                                                                0x00431d86
                                                                                                                                                                                0x00431d8b
                                                                                                                                                                                0x00431d90
                                                                                                                                                                                0x00431d90
                                                                                                                                                                                0x00431ba5
                                                                                                                                                                                0x00431bc9
                                                                                                                                                                                0x00431bd0
                                                                                                                                                                                0x00431bd5
                                                                                                                                                                                0x00431bdd
                                                                                                                                                                                0x00431c5d
                                                                                                                                                                                0x00431c62
                                                                                                                                                                                0x00431c68
                                                                                                                                                                                0x00431c6a
                                                                                                                                                                                0x00431c70
                                                                                                                                                                                0x00431c75
                                                                                                                                                                                0x00431c7a
                                                                                                                                                                                0x00431c84
                                                                                                                                                                                0x00431c84
                                                                                                                                                                                0x00431ca0
                                                                                                                                                                                0x00431cc5
                                                                                                                                                                                0x00431cd7
                                                                                                                                                                                0x00431cdc
                                                                                                                                                                                0x00431ce5
                                                                                                                                                                                0x00431bdf
                                                                                                                                                                                0x00431bf6
                                                                                                                                                                                0x00431c05
                                                                                                                                                                                0x00431c2a
                                                                                                                                                                                0x00431c3c
                                                                                                                                                                                0x00431c41
                                                                                                                                                                                0x00431c46
                                                                                                                                                                                0x00431c46
                                                                                                                                                                                0x00431cea
                                                                                                                                                                                0x00431e34
                                                                                                                                                                                0x00431e4c
                                                                                                                                                                                0x00431e56
                                                                                                                                                                                0x00431e61
                                                                                                                                                                                0x00431e6d

                                                                                                                                                                                APIs
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00431A65
                                                                                                                                                                                  • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431AB9
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431AC6
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431AD3
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431AFB
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431B0A
                                                                                                                                                                                  • Part of subcall function 00409350: HandleT.LIBCPMTD ref: 004093E4
                                                                                                                                                                                  • Part of subcall function 00409350: HandleT.LIBCPMTD ref: 004093F3
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431B2A
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431B39
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 00431E3C
                                                                                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 00431E56
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                                                • String ID: map/set<T> too long
                                                                                                                                                                                • API String ID: 3699313741-1285458680
                                                                                                                                                                                • Opcode ID: 5541c3eff9ac2d1f3906ca3eb5334e432a890d749b25990acfb3e491166c11ad
                                                                                                                                                                                • Instruction ID: e4a790a359245b49f7060f943024f6769a204ec36205df451c937a2456567c87
                                                                                                                                                                                • Opcode Fuzzy Hash: 5541c3eff9ac2d1f3906ca3eb5334e432a890d749b25990acfb3e491166c11ad
                                                                                                                                                                                • Instruction Fuzzy Hash: 10E183F5E00144AFDB04EFA1E88296FB376AF89308F14446DE8055F356EA39ED11CB66
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041CFA0, Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 387memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                			E0041CFA0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v64;
				char _v92;
				intOrPtr _v96;
				signed int _t94;
				intOrPtr* _t103;
				intOrPtr* _t104;
				char* _t107;
				intOrPtr* _t113;
				intOrPtr* _t117;
				char* _t122;
				intOrPtr* _t125;
				intOrPtr* _t134;
				intOrPtr* _t137;
				intOrPtr* _t149;
				char* _t156;
				intOrPtr* _t159;
				intOrPtr* _t168;
				intOrPtr* _t171;
				intOrPtr* _t184;
				intOrPtr* _t187;
				intOrPtr* _t188;
				signed int _t291;
				void* _t292;
				void* _t293;
				void* _t295;
				void* _t300;
				void* _t304;
				void* _t306;
				void* _t323;
				void* _t325;

				_push(0xffffffff);
				_push(0x517298);
				_push( *[fs:0x0]);
				_t293 = _t292 - 0x50;
				_t94 =  *0x561244; // 0x554c9ad9
				_push(_t94 ^ _t291);
				 *[fs:0x0] =  &_v16;
				_v96 = __ecx;
				if(E0041D730(_v96) - 1 <=  *((intOrPtr*)(_v96 + 8))) {
					E004134D0( &_v92, "map/set<T> too long");
					_v8 = 0;
					E00413D50( &_v92);
					E00456A4C( &_v64, 0x544b50);
					_v8 = 0xffffffff;
					E00413C20( &_v92);
				}
				_v20 = E0041DB60( *((intOrPtr*)(_v96 + 4)), _a12,  *((intOrPtr*)(_v96 + 4)), _a16, 0);
				 *((intOrPtr*)(_v96 + 8)) =  *((intOrPtr*)(_v96 + 8)) + 1;
				if(_a12 !=  *((intOrPtr*)(_v96 + 4))) {
					__eflags = _a8 & 0x000000ff;
					if((_a8 & 0x000000ff) == 0) {
						_t103 = E00441910(_a12);
						_t293 = _t293 + 4;
						 *_t103 = _v20;
						_t104 = E00433720(_v96);
						__eflags = _a12 -  *_t104;
						if(_a12 ==  *_t104) {
							 *((intOrPtr*)(E00433720(_v96))) = _v20;
						}
					} else {
						_t187 = E00415110(_a12);
						_t293 = _t293 + 4;
						 *_t187 = _v20;
						_t188 = E00433680(_v96);
						__eflags = _a12 -  *_t188;
						if(_a12 ==  *_t188) {
							 *((intOrPtr*)(E00433680(_v96))) = _v20;
						}
					}
				} else {
					 *((intOrPtr*)(E0041D410(_v96))) = _v20;
					 *((intOrPtr*)(E00433680(_v96))) = _v20;
					 *((intOrPtr*)(E00433720(_v96))) = _v20;
				}
				_v24 = _v20;
				while(1) {
					_t107 = E0041D720( *((intOrPtr*)(E0042AE30(_v24))));
					_t295 = _t293 + 8;
					if( *_t107 != 0) {
						break;
					}
					_t113 = E0042AE30(_v24);
					_t117 = E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))));
					_t300 = _t295 + 0x10;
					if( *_t113 !=  *_t117) {
						_a12 =  *((intOrPtr*)(E00415110( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t122 = E0041D720(_a12);
						_t304 = _t300 + 0x10;
						__eflags =  *_t122;
						if( *_t122 != 0) {
							_t125 = E00415110( *((intOrPtr*)(E0042AE30(_v24))));
							_t306 = _t304 + 8;
							__eflags = _v24 -  *_t125;
							if(_v24 ==  *_t125) {
								_t137 = E0042AE30(_v24);
								_t306 = _t306 + 4;
								_v24 =  *_t137;
								E0041DA30(_v96, __eflags, _v24);
							}
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t134 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t306 + 0x1c;
							E0041D900(_v96, __eflags,  *_t134);
						} else {
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E0041D720(_a12))) = 1;
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t149 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t304 + 0x20;
							_v24 =  *_t149;
						}
					} else {
						_a12 =  *((intOrPtr*)(E00441910( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24)))))))));
						_t156 = E0041D720(_a12);
						_t323 = _t300 + 0x10;
						if( *_t156 != 0) {
							_t159 = E00441910( *((intOrPtr*)(E0042AE30(_v24))));
							_t325 = _t323 + 8;
							__eflags = _v24 -  *_t159;
							if(_v24 ==  *_t159) {
								_t171 = E0042AE30(_v24);
								_t325 = _t325 + 4;
								_v24 =  *_t171;
								E0041D900(_v96, __eflags, _v24);
							}
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t168 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t325 + 0x1c;
							E0041DA30(_v96, __eflags,  *_t168);
						} else {
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30(_v24)))))) = 1;
							 *((char*)(E0041D720(_a12))) = 1;
							 *((char*)(E0041D720( *((intOrPtr*)(E0042AE30( *((intOrPtr*)(E0042AE30(_v24))))))))) = 0;
							_t184 = E0042AE30( *((intOrPtr*)(E0042AE30(_v24))));
							_t293 = _t323 + 0x20;
							_v24 =  *_t184;
						}
					}
				}
				 *((char*)(E0041D720( *((intOrPtr*)(E0041D410(_v96)))))) = 1;
				E00445360(_a4, _v20);
				 *[fs:0x0] = _v16;
				return _a4;
			}





































                                                                                                                                                                                0x0041cfa3
                                                                                                                                                                                0x0041cfa5
                                                                                                                                                                                0x0041cfb0
                                                                                                                                                                                0x0041cfb1
                                                                                                                                                                                0x0041cfb5
                                                                                                                                                                                0x0041cfbc
                                                                                                                                                                                0x0041cfc0
                                                                                                                                                                                0x0041cfc6
                                                                                                                                                                                0x0041cfda
                                                                                                                                                                                0x0041cfe4
                                                                                                                                                                                0x0041cfe9
                                                                                                                                                                                0x0041cff7
                                                                                                                                                                                0x0041d005
                                                                                                                                                                                0x0041d00a
                                                                                                                                                                                0x0041d014
                                                                                                                                                                                0x0041d014
                                                                                                                                                                                0x0041d039
                                                                                                                                                                                0x0041d048
                                                                                                                                                                                0x0041d054
                                                                                                                                                                                0x0041d083
                                                                                                                                                                                0x0041d085
                                                                                                                                                                                0x0041d0ba
                                                                                                                                                                                0x0041d0bf
                                                                                                                                                                                0x0041d0c5
                                                                                                                                                                                0x0041d0ca
                                                                                                                                                                                0x0041d0d2
                                                                                                                                                                                0x0041d0d4
                                                                                                                                                                                0x0041d0e1
                                                                                                                                                                                0x0041d0e1
                                                                                                                                                                                0x0041d087
                                                                                                                                                                                0x0041d08b
                                                                                                                                                                                0x0041d090
                                                                                                                                                                                0x0041d096
                                                                                                                                                                                0x0041d09b
                                                                                                                                                                                0x0041d0a3
                                                                                                                                                                                0x0041d0a5
                                                                                                                                                                                0x0041d0b2
                                                                                                                                                                                0x0041d0b2
                                                                                                                                                                                0x0041d0b4
                                                                                                                                                                                0x0041d056
                                                                                                                                                                                0x0041d061
                                                                                                                                                                                0x0041d06e
                                                                                                                                                                                0x0041d07b
                                                                                                                                                                                0x0041d07b
                                                                                                                                                                                0x0041d0e6
                                                                                                                                                                                0x0041d0e9
                                                                                                                                                                                0x0041d0f8
                                                                                                                                                                                0x0041d0fd
                                                                                                                                                                                0x0041d105
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041d10f
                                                                                                                                                                                0x0041d133
                                                                                                                                                                                0x0041d138
                                                                                                                                                                                0x0041d13f
                                                                                                                                                                                0x0041d2b3
                                                                                                                                                                                0x0041d2ba
                                                                                                                                                                                0x0041d2bf
                                                                                                                                                                                0x0041d2c5
                                                                                                                                                                                0x0041d2c7
                                                                                                                                                                                0x0041d347
                                                                                                                                                                                0x0041d34c
                                                                                                                                                                                0x0041d352
                                                                                                                                                                                0x0041d354
                                                                                                                                                                                0x0041d35a
                                                                                                                                                                                0x0041d35f
                                                                                                                                                                                0x0041d364
                                                                                                                                                                                0x0041d36e
                                                                                                                                                                                0x0041d36e
                                                                                                                                                                                0x0041d38a
                                                                                                                                                                                0x0041d3af
                                                                                                                                                                                0x0041d3c1
                                                                                                                                                                                0x0041d3c6
                                                                                                                                                                                0x0041d3cf
                                                                                                                                                                                0x0041d2c9
                                                                                                                                                                                0x0041d2e0
                                                                                                                                                                                0x0041d2ef
                                                                                                                                                                                0x0041d314
                                                                                                                                                                                0x0041d326
                                                                                                                                                                                0x0041d32b
                                                                                                                                                                                0x0041d330
                                                                                                                                                                                0x0041d330
                                                                                                                                                                                0x0041d145
                                                                                                                                                                                0x0041d169
                                                                                                                                                                                0x0041d170
                                                                                                                                                                                0x0041d175
                                                                                                                                                                                0x0041d17d
                                                                                                                                                                                0x0041d1fd
                                                                                                                                                                                0x0041d202
                                                                                                                                                                                0x0041d208
                                                                                                                                                                                0x0041d20a
                                                                                                                                                                                0x0041d210
                                                                                                                                                                                0x0041d215
                                                                                                                                                                                0x0041d21a
                                                                                                                                                                                0x0041d224
                                                                                                                                                                                0x0041d224
                                                                                                                                                                                0x0041d240
                                                                                                                                                                                0x0041d265
                                                                                                                                                                                0x0041d277
                                                                                                                                                                                0x0041d27c
                                                                                                                                                                                0x0041d285
                                                                                                                                                                                0x0041d17f
                                                                                                                                                                                0x0041d196
                                                                                                                                                                                0x0041d1a5
                                                                                                                                                                                0x0041d1ca
                                                                                                                                                                                0x0041d1dc
                                                                                                                                                                                0x0041d1e1
                                                                                                                                                                                0x0041d1e6
                                                                                                                                                                                0x0041d1e6
                                                                                                                                                                                0x0041d28a
                                                                                                                                                                                0x0041d3d4
                                                                                                                                                                                0x0041d3ec
                                                                                                                                                                                0x0041d3f6
                                                                                                                                                                                0x0041d401
                                                                                                                                                                                0x0041d40d

                                                                                                                                                                                APIs
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0041D005
                                                                                                                                                                                  • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D059
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D066
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D073
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D09B
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D0AA
                                                                                                                                                                                  • Part of subcall function 0041DA30: HandleT.LIBCPMTD ref: 0041DAC4
                                                                                                                                                                                  • Part of subcall function 0041DA30: HandleT.LIBCPMTD ref: 0041DAD3
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D0CA
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D0D9
                                                                                                                                                                                • HandleT.LIBCPMTD ref: 0041D3DC
                                                                                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 0041D3F6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$AllocatorDebugExceptionException@8HeapRaiseThrow
                                                                                                                                                                                • String ID: map/set<T> too long
                                                                                                                                                                                • API String ID: 3699313741-1285458680
                                                                                                                                                                                • Opcode ID: b8bd37fcb15f34cd53e11df0cd1955b9fc464ef3865191caa10b3315eeb2d2cc
                                                                                                                                                                                • Instruction ID: e5d37839dca9f35039a431e2513190f11395736884d950e5dcdd22d0a0dad3d5
                                                                                                                                                                                • Opcode Fuzzy Hash: b8bd37fcb15f34cd53e11df0cd1955b9fc464ef3865191caa10b3315eeb2d2cc
                                                                                                                                                                                • Instruction Fuzzy Hash: 7EE1B7F5E00144AFDB04EFA1E8829AF7376AF89308F14446DF8155B352DA39ED11CBA6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00409BF0, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 156COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                			E00409BF0(struct HWND__* _a4, int _a8, intOrPtr _a12, char* _a16, intOrPtr _a20, char* _a24) {
				char _v8;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HWND__* _v48;
				intOrPtr _v52;
				intOrPtr* _v56;
				char* _v60;
				intOrPtr* _v64;
				intOrPtr _v68;
				signed int _t71;
				intOrPtr _t85;
				intOrPtr _t88;
				intOrPtr _t97;
				void* _t102;
				void* _t141;
				signed int _t142;
				void* _t143;
				void* _t144;
				void* _t145;

				_push(0xffffffff);
				_push(0x5183f8);
				_push( *[fs:0x0]);
				_t144 = _t143 - 0x34;
				_t71 =  *0x561244; // 0x554c9ad9
				_push(_t71 ^ _t142);
				 *[fs:0x0] =  &_v16;
				_t149 = _a8 - 0xffffffff;
				if(_a8 != 0xffffffff) {
					_v48 = GetDlgItem(_a4, _a8);
				} else {
					_v48 = _a4;
				}
				E0040A2C0( &_v28, _t141, _t149, _v48);
				E00414C90();
				_v8 = 0;
				_v24 = E0040A2F0( &_v28, 0x53b524, 0, E00434050( &_v32));
				if(_v24 >= 0) {
					_push(L"BabCtrl :: control created..");
					E004CC5C0(_t79);
					_t145 = _t144 + 4;
					__eflags = _a16;
					if(_a16 == 0) {
						_v52 = 0x80070057;
					} else {
						_v52 = E0040A320( &_v28, _a16);
					}
					_t81 = _v52;
					_v24 = _v52;
					__eflags = _v24;
					if(_v24 < 0) {
						_push(L"BabCtr:: fail to set uihandler");
						_t81 = E004CC5C0(_t81);
						_t145 = _t145 + 4;
					}
					_push(L"BabCtrl :: set external OK ..");
					E004CC5C0(_t81);
					__eflags = _a20;
					if(_a20 != 0) {
						E0040A5D0(E0041D530( &_v32));
						_v8 = 1;
						_t97 = E0041D530( &_v36);
						__eflags = _t97;
						if(_t97 == 0) {
							_push(L"BabCtrl :: set host Failed ..");
							E004CC5C0(_t97);
						} else {
							_v56 = E0041D530( &_v36);
							_t102 =  *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0xc))))(_v56, _a20);
							_push(L"BabCtrl :: set Host OK ..");
							E004CC5C0(_t102);
						}
						_v8 = 0;
						E00439240();
					}
					E0040A640(E0041D530( &_v32));
					_v8 = 2;
					_t85 = E0041D530( &_v20);
					__eflags = _t85;
					if(_t85 != 0) {
						__eflags = _a24;
						if(_a24 == 0) {
							_v60 = L"SHELL.Explorer";
						} else {
							_v60 = _a24;
						}
						_v64 = E0041D530( &_v20);
						_t56 =  *_v64 + 0xc; // 0x780045
						 *((intOrPtr*)( *_t56))(_v64, _v60, _a4, 0);
					}
					__eflags = _a12;
					if(_a12 == 0) {
						_v68 = 0x80070057;
					} else {
						_v68 = E0040A960( &_v28, _a12);
					}
					_v44 = _v68;
					_v8 = 0;
					E00439240();
					_v8 = 0xffffffff;
					E0040D320();
					_t88 = _v44;
				} else {
					_v40 = _v24;
					_v8 = 0xffffffff;
					E0040D320();
					_t88 = _v40;
				}
				 *[fs:0x0] = _v16;
				return _t88;
			}




























                                                                                                                                                                                0x00409bf3
                                                                                                                                                                                0x00409bf5
                                                                                                                                                                                0x00409c00
                                                                                                                                                                                0x00409c01
                                                                                                                                                                                0x00409c04
                                                                                                                                                                                0x00409c0b
                                                                                                                                                                                0x00409c0f
                                                                                                                                                                                0x00409c15
                                                                                                                                                                                0x00409c19
                                                                                                                                                                                0x00409c31
                                                                                                                                                                                0x00409c1b
                                                                                                                                                                                0x00409c1e
                                                                                                                                                                                0x00409c1e
                                                                                                                                                                                0x00409c3b
                                                                                                                                                                                0x00409c43
                                                                                                                                                                                0x00409c48
                                                                                                                                                                                0x00409c67
                                                                                                                                                                                0x00409c6e
                                                                                                                                                                                0x00409c8d
                                                                                                                                                                                0x00409c92
                                                                                                                                                                                0x00409c97
                                                                                                                                                                                0x00409c9a
                                                                                                                                                                                0x00409c9e
                                                                                                                                                                                0x00409cb1
                                                                                                                                                                                0x00409ca0
                                                                                                                                                                                0x00409cac
                                                                                                                                                                                0x00409cac
                                                                                                                                                                                0x00409cb8
                                                                                                                                                                                0x00409cbb
                                                                                                                                                                                0x00409cbe
                                                                                                                                                                                0x00409cc2
                                                                                                                                                                                0x00409cc4
                                                                                                                                                                                0x00409cc9
                                                                                                                                                                                0x00409cce
                                                                                                                                                                                0x00409cce
                                                                                                                                                                                0x00409cd1
                                                                                                                                                                                0x00409cd6
                                                                                                                                                                                0x00409cde
                                                                                                                                                                                0x00409ce2
                                                                                                                                                                                0x00409cf0
                                                                                                                                                                                0x00409cf5
                                                                                                                                                                                0x00409cfc
                                                                                                                                                                                0x00409d01
                                                                                                                                                                                0x00409d03
                                                                                                                                                                                0x00409d31
                                                                                                                                                                                0x00409d36
                                                                                                                                                                                0x00409d05
                                                                                                                                                                                0x00409d0d
                                                                                                                                                                                0x00409d20
                                                                                                                                                                                0x00409d22
                                                                                                                                                                                0x00409d27
                                                                                                                                                                                0x00409d2c
                                                                                                                                                                                0x00409d3e
                                                                                                                                                                                0x00409d45
                                                                                                                                                                                0x00409d45
                                                                                                                                                                                0x00409d56
                                                                                                                                                                                0x00409d5b
                                                                                                                                                                                0x00409d62
                                                                                                                                                                                0x00409d67
                                                                                                                                                                                0x00409d69
                                                                                                                                                                                0x00409d6b
                                                                                                                                                                                0x00409d6f
                                                                                                                                                                                0x00409d79
                                                                                                                                                                                0x00409d71
                                                                                                                                                                                0x00409d74
                                                                                                                                                                                0x00409d74
                                                                                                                                                                                0x00409d88
                                                                                                                                                                                0x00409d9e
                                                                                                                                                                                0x00409da1
                                                                                                                                                                                0x00409da1
                                                                                                                                                                                0x00409da3
                                                                                                                                                                                0x00409da7
                                                                                                                                                                                0x00409dba
                                                                                                                                                                                0x00409da9
                                                                                                                                                                                0x00409db5
                                                                                                                                                                                0x00409db5
                                                                                                                                                                                0x00409dc4
                                                                                                                                                                                0x00409dc7
                                                                                                                                                                                0x00409dce
                                                                                                                                                                                0x00409dd3
                                                                                                                                                                                0x00409ddd
                                                                                                                                                                                0x00409de2
                                                                                                                                                                                0x00409c70
                                                                                                                                                                                0x00409c73
                                                                                                                                                                                0x00409c76
                                                                                                                                                                                0x00409c80
                                                                                                                                                                                0x00409c85
                                                                                                                                                                                0x00409c85
                                                                                                                                                                                0x00409de8
                                                                                                                                                                                0x00409df3

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Item
                                                                                                                                                                                • String ID: BabCtr:: fail to set uihandler$BabCtrl :: control created..$BabCtrl :: set Host OK ..$BabCtrl :: set external OK ..$BabCtrl :: set host Failed ..$W$W
                                                                                                                                                                                • API String ID: 3207170592-2923569185
                                                                                                                                                                                • Opcode ID: c5f6a6eb2dd4e3054d342fafb51bad6f9197b658f9e0fcfc39563db65e5f1383
                                                                                                                                                                                • Instruction ID: eaf740cecb094d001f17b7b0570d5d8f32ad036a3cbaf856ee7f5ccacbc46b22
                                                                                                                                                                                • Opcode Fuzzy Hash: c5f6a6eb2dd4e3054d342fafb51bad6f9197b658f9e0fcfc39563db65e5f1383
                                                                                                                                                                                • Instruction Fuzzy Hash: 6F614C71D00209EBDB04EFA5D881AEEB7B0BF58318F10812EE416772D1EB386E45CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004244C0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004244C0(signed char _a4) {
				struct HDC__* _v8;
				struct HFONT__* _v12;
				void* _v16;
				int _v20;

				_t1 =  &_a4; // 0x42467e
				if(( *_t1 & 0x000000ff) != 0) {
					_t2 =  &_a4; // 0x42467e
					_v12 = CreateFontW(0, 0, 0, 0, 0, 0, 0, 0,  *_t2 & 0x000000ff, 0, 0, 0, 0, 0);
					if(_v12 != 0) {
						_v8 = GetDC(0);
						_v16 = SelectObject(_v8, _v12);
						_v20 = GetTextCharset(_v8);
						SelectObject(_v8, _v16);
						ReleaseDC(0, _v8);
						DeleteObject(_v12);
						if(_v20 == (_a4 & 0x000000ff)) {
							return 1;
						}
						return 0;
					}
					return 0;
				}
				return 1;
			}







                                                                                                                                                                                0x004244c6
                                                                                                                                                                                0x004244cc
                                                                                                                                                                                0x004244e2
                                                                                                                                                                                0x004244fd
                                                                                                                                                                                0x00424504
                                                                                                                                                                                0x00424512
                                                                                                                                                                                0x00424523
                                                                                                                                                                                0x00424530
                                                                                                                                                                                0x0042453b
                                                                                                                                                                                0x00424547
                                                                                                                                                                                0x00424551
                                                                                                                                                                                0x0042455e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424564
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424560
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00424506
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,~FB,00000000,00000000,00000000,00000000,00000000), ref: 004244F7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFont
                                                                                                                                                                                • String ID: ~FB
                                                                                                                                                                                • API String ID: 1830492434-2682213495
                                                                                                                                                                                • Opcode ID: 2761a6f0ecc8792617914d0c4bf0b4833e8627f24a0be996a018f82cc7637a97
                                                                                                                                                                                • Instruction ID: f253bb138a9ababeb2fa7b0379442bbb036eb631f144d967374e47d3ec1cdec6
                                                                                                                                                                                • Opcode Fuzzy Hash: 2761a6f0ecc8792617914d0c4bf0b4833e8627f24a0be996a018f82cc7637a97
                                                                                                                                                                                • Instruction Fuzzy Hash: 68115178A04218FFDB40DFB4D848BAEBBB4EB48741F108496F959D6240D7749A84AB60
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F3ED0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 148windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                			E004F3ED0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, signed int _a8) {
				long _v8;
				char _v16;
				signed int _v20;
				signed int _v21;
				short _v32;
				char _v40;
				short _v48;
				char _v56;
				long _v60;
				long _v64;
				intOrPtr _v68;
				signed int _t61;
				long _t78;
				struct HWND__* _t79;
				signed int _t84;
				signed int _t95;
				void* _t97;
				intOrPtr _t120;
				void* _t136;
				void* _t137;
				signed int _t138;

				_t137 = __esi;
				_t136 = __edi;
				_t97 = __ebx;
				_push(0xffffffff);
				_push(0x512e3f);
				_push( *[fs:0x0]);
				_t61 =  *0x561244; // 0x554c9ad9
				_push(_t61 ^ _t138);
				 *[fs:0x0] =  &_v16;
				_v68 = __ecx;
				_v20 = E00404310( *(_v68 + 0x48));
				if(_a8 == 0xfffffffe) {
					_v20 = _v20 * 0xffffffff;
				}
				if(_a8 != 0) {
					L9:
					__eflags = _a8;
					if(_a8 == 0) {
						L11:
						E00416910( &_v56, 0);
						_v8 = 1;
						 *((intOrPtr*)( *((intOrPtr*)( *( *(_v68 + 0x48)) + 0x80))))( *(_v68 + 0x48), L"dontAskAbort", 0, 0,  &_v56);
						__eflags = _v48;
						if(_v48 != 0) {
							L14:
							_v8 = 0xffffffff;
							E00417430( &_v56);
							L15:
							_v21 = E00404A30(E004049B0());
							E004E6960(E004049B0(), 2);
							 *(_v68 + 0x48) = 0;
							E00415F10(_v68);
							__eflags = _a8 - 1;
							if(_a8 != 1) {
								__eflags = _v21 & 0x000000ff;
								if((_v21 & 0x000000ff) == 0) {
									_t79 =  *0x5bdd34; // 0x18021a
									PostMessageW(_t79, 0x10, _v20, 0);
								}
							}
							_t78 = 0;
							__eflags = 0;
							L19:
							 *[fs:0x0] = _v16;
							return _t78;
						}
						E004E6960(E004049B0(), 0);
						_t84 = E004E40D0(_t97, _t136, _t137, __eflags,  *((intOrPtr*)(_v68 + 4)), _v20);
						__eflags = _t84;
						if(_t84 != 0) {
							goto L14;
						}
						E004E6960(E004049B0(), 1);
						E00415F30( *(_v68 + 0x48) + 0x84);
						_v64 = 0;
						_v8 = 0xffffffff;
						E00417430( &_v56);
						_t78 = _v64;
						goto L19;
					}
					__eflags = _a8 - 0xffffffff;
					if(_a8 != 0xffffffff) {
						goto L15;
					}
					goto L11;
				}
				E00416910( &_v40, 0);
				_v8 = 0;
				 *((intOrPtr*)( *((intOrPtr*)( *( *(_v68 + 0x48)) + 0x80))))( *(_v68 + 0x48), L"onXBtnPress", 0, 0,  &_v40);
				if(_v32 == 0) {
					_t120 = _v68;
					__eflags =  *(_t120 + 0x4c);
					if( *(_t120 + 0x4c) != 0) {
						_t95 = E004161A0( *((intOrPtr*)(_v68 + 0x4c)) + 0x84);
						__eflags = _t95;
						if(_t95 != 0) {
							_v20 = 0;
						}
					}
					_v8 = 0xffffffff;
					E00417430( &_v40);
					goto L9;
				}
				_v60 = 0;
				_v8 = 0xffffffff;
				E00417430( &_v40);
				_t78 = _v60;
				goto L19;
			}
























                                                                                                                                                                                0x004f3ed0
                                                                                                                                                                                0x004f3ed0
                                                                                                                                                                                0x004f3ed0
                                                                                                                                                                                0x004f3ed3
                                                                                                                                                                                0x004f3ed5
                                                                                                                                                                                0x004f3ee0
                                                                                                                                                                                0x004f3ee4
                                                                                                                                                                                0x004f3eeb
                                                                                                                                                                                0x004f3eef
                                                                                                                                                                                0x004f3ef5
                                                                                                                                                                                0x004f3f03
                                                                                                                                                                                0x004f3f0a
                                                                                                                                                                                0x004f3f12
                                                                                                                                                                                0x004f3f12
                                                                                                                                                                                0x004f3f19
                                                                                                                                                                                0x004f3fae
                                                                                                                                                                                0x004f3fae
                                                                                                                                                                                0x004f3fb2
                                                                                                                                                                                0x004f3fbe
                                                                                                                                                                                0x004f3fc3
                                                                                                                                                                                0x004f3fc8
                                                                                                                                                                                0x004f3ff1
                                                                                                                                                                                0x004f3ff7
                                                                                                                                                                                0x004f3ff9
                                                                                                                                                                                0x004f405a
                                                                                                                                                                                0x004f405a
                                                                                                                                                                                0x004f4064
                                                                                                                                                                                0x004f4069
                                                                                                                                                                                0x004f4075
                                                                                                                                                                                0x004f4081
                                                                                                                                                                                0x004f4089
                                                                                                                                                                                0x004f4093
                                                                                                                                                                                0x004f4098
                                                                                                                                                                                0x004f409c
                                                                                                                                                                                0x004f40a2
                                                                                                                                                                                0x004f40a4
                                                                                                                                                                                0x004f40ae
                                                                                                                                                                                0x004f40b4
                                                                                                                                                                                0x004f40b4
                                                                                                                                                                                0x004f40a4
                                                                                                                                                                                0x004f40ba
                                                                                                                                                                                0x004f40ba
                                                                                                                                                                                0x004f40bc
                                                                                                                                                                                0x004f40bf
                                                                                                                                                                                0x004f40ca
                                                                                                                                                                                0x004f40ca
                                                                                                                                                                                0x004f4004
                                                                                                                                                                                0x004f4014
                                                                                                                                                                                0x004f401c
                                                                                                                                                                                0x004f401e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f4029
                                                                                                                                                                                0x004f403a
                                                                                                                                                                                0x004f403f
                                                                                                                                                                                0x004f4046
                                                                                                                                                                                0x004f4050
                                                                                                                                                                                0x004f4055
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f4055
                                                                                                                                                                                0x004f3fb4
                                                                                                                                                                                0x004f3fb8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f3fb8
                                                                                                                                                                                0x004f3f24
                                                                                                                                                                                0x004f3f29
                                                                                                                                                                                0x004f3f52
                                                                                                                                                                                0x004f3f5a
                                                                                                                                                                                0x004f3f7a
                                                                                                                                                                                0x004f3f7d
                                                                                                                                                                                0x004f3f81
                                                                                                                                                                                0x004f3f8f
                                                                                                                                                                                0x004f3f94
                                                                                                                                                                                0x004f3f96
                                                                                                                                                                                0x004f3f98
                                                                                                                                                                                0x004f3f98
                                                                                                                                                                                0x004f3f96
                                                                                                                                                                                0x004f3f9f
                                                                                                                                                                                0x004f3fa9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f3fa9
                                                                                                                                                                                0x004f3f5c
                                                                                                                                                                                0x004f3f63
                                                                                                                                                                                0x004f3f6d
                                                                                                                                                                                0x004f3f72
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F3FFD
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F4022
                                                                                                                                                                                  • Part of subcall function 004161A0: IsWindow.USER32(005C21C8), ref: 004161AD
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F4069
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F407A
                                                                                                                                                                                • PostMessageW.USER32(0018021A,00000010,00000010,00000000), ref: 004F40B4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize$MessagePostWindow
                                                                                                                                                                                • String ID: dontAskAbort$onXBtnPress
                                                                                                                                                                                • API String ID: 2663934143-2813093310
                                                                                                                                                                                • Opcode ID: fdfff80750ec8eccded9bc7db14716937af7c38bb839c85cebd79bb15b6ca5a6
                                                                                                                                                                                • Instruction ID: df72d657e7978b6182769af25d3421523c2893e7f1735e4823fd73f4850d1854
                                                                                                                                                                                • Opcode Fuzzy Hash: fdfff80750ec8eccded9bc7db14716937af7c38bb839c85cebd79bb15b6ca5a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 91516C70A00208DFDB14EFA5C951BAEB7B1BF44318F10422DE611AB3D1DB799D41CB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F07A0, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                			E004F07A0(intOrPtr* __ecx) {
				char _v8;
				char _v16;
				char _v20;
				WCHAR* _v32;
				char _v40;
				char _v56;
				char _v57;
				char _v58;
				intOrPtr* _v64;
				signed int _t34;
				intOrPtr _t49;
				signed int _t82;

				_push(0xffffffff);
				_push(0x507c92);
				_push( *[fs:0x0]);
				_t34 =  *0x561244; // 0x554c9ad9
				_push(_t34 ^ _t82);
				 *[fs:0x0] =  &_v16;
				_v64 = __ecx;
				E00414C90();
				_v8 = 0;
				if((E004F06E0(_v64, L"brwseCntnr", E00434050( &_v20)) & 0x000000ff) != 0) {
					if((E00404920(E00404820()) & 0x000000ff) != 0 || ( *0x5bdd29 & 0x000000ff) != 0) {
						E004169E0( &_v56, L"brwseCntnr");
						_v8 = 2;
						 *((intOrPtr*)( *((intOrPtr*)( *_v64 + 0x80))))(_v64, L"hideElmnt",  &_v56, 1, 0);
						_v8 = 0;
						E00417430( &_v56);
					} else {
						E004169E0( &_v40, E00404930(E00404820()));
						_v8 = 1;
						PathRemoveBackslashW(_v32);
						 *((intOrPtr*)( *((intOrPtr*)( *_v64 + 0x80))))(_v64, L"setBrowse",  &_v40, 1, 0);
						_v8 = 0;
						E00417430( &_v40);
					}
					_v58 = 1;
					_v8 = 0xffffffff;
					E0040D320();
					_t49 = _v58;
				} else {
					_v57 = 0;
					_v8 = 0xffffffff;
					E0040D320();
					_t49 = _v57;
				}
				 *[fs:0x0] = _v16;
				return _t49;
			}















                                                                                                                                                                                0x004f07a3
                                                                                                                                                                                0x004f07a5
                                                                                                                                                                                0x004f07b0
                                                                                                                                                                                0x004f07b4
                                                                                                                                                                                0x004f07bb
                                                                                                                                                                                0x004f07bf
                                                                                                                                                                                0x004f07c5
                                                                                                                                                                                0x004f07cb
                                                                                                                                                                                0x004f07d0
                                                                                                                                                                                0x004f07f2
                                                                                                                                                                                0x004f0820
                                                                                                                                                                                0x004f0884
                                                                                                                                                                                0x004f0889
                                                                                                                                                                                0x004f08a9
                                                                                                                                                                                0x004f08ab
                                                                                                                                                                                0x004f08b2
                                                                                                                                                                                0x004f082d
                                                                                                                                                                                0x004f083d
                                                                                                                                                                                0x004f0842
                                                                                                                                                                                0x004f084a
                                                                                                                                                                                0x004f086c
                                                                                                                                                                                0x004f086e
                                                                                                                                                                                0x004f0875
                                                                                                                                                                                0x004f0875
                                                                                                                                                                                0x004f08b7
                                                                                                                                                                                0x004f08bb
                                                                                                                                                                                0x004f08c5
                                                                                                                                                                                0x004f08ca
                                                                                                                                                                                0x004f07f4
                                                                                                                                                                                0x004f07f4
                                                                                                                                                                                0x004f07f8
                                                                                                                                                                                0x004f0802
                                                                                                                                                                                0x004f0807
                                                                                                                                                                                0x004f0807
                                                                                                                                                                                0x004f08d0
                                                                                                                                                                                0x004f08db

                                                                                                                                                                                APIs
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F080F
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F082D
                                                                                                                                                                                • PathRemoveBackslashW.SHLWAPI(?,00000000,brwseCntnr,00000000,554C9AD9,?,?,?,?,?,?,?,00000000,00507C92,000000FF), ref: 004F084A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize$BackslashPathRemove
                                                                                                                                                                                • String ID: brwseCntnr$brwseCntnr$hideElmnt$setBrowse
                                                                                                                                                                                • API String ID: 2946794254-14752801
                                                                                                                                                                                • Opcode ID: aa4e9a2065ffbc5d84d15672093c52eb6e90488d1ec1617788d1aa26f9c84a39
                                                                                                                                                                                • Instruction ID: 996e323863dc21f8ddc5e25e8d50fa9a8077a5c7caa1c71174538892715ef173
                                                                                                                                                                                • Opcode Fuzzy Hash: aa4e9a2065ffbc5d84d15672093c52eb6e90488d1ec1617788d1aa26f9c84a39
                                                                                                                                                                                • Instruction Fuzzy Hash: D031C570E04148ABDB08EBA5E952BFEBBB4BF54304F10416DF551A72D2DB786D04CB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004C94C0, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E004C94C0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v530;
				short _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				char _v544;
				char _v576;
				char _v577;
				signed int _t30;
				signed int _t31;
				char _t33;
				short _t34;
				void* _t45;
				void* _t50;
				intOrPtr _t51;
				intOrPtr _t75;
				void* _t79;
				signed int _t80;

				_t79 = __esi;
				_t78 = __edi;
				_t50 = __ebx;
				_push(0xffffffff);
				_push(0x509731);
				_push( *[fs:0x0]);
				_t30 =  *0x561244; // 0x554c9ad9
				_t31 = _t30 ^ _t80;
				_v20 = _t31;
				_push(_t31);
				 *[fs:0x0] =  &_v16;
				_t33 = L"res://"; // 0x650072
				_v544 = _t33;
				_t51 = M00532BB0; // 0x3a0073
				_v540 = _t51;
				_t75 =  *0x532bb4; // 0x2f002f
				_v536 = _t75;
				_t34 =  *0x532bb8; // 0x0
				_v532 = _t34;
				E00451D90(__edi,  &_v530, 0, 0x1fa);
				GetModuleFileNameW(E0042DE70(0x5c1a9c),  &_v532, 0xfe);
				E00417910( &_v544, E00434050( &_v577));
				_v8 = 0;
				E004181D0(_a8,  &_v576);
				_v8 = 0xffffffff;
				E004176E0();
				if(_a12 != 0) {
					if(_a12 != 1) {
						if(_a12 != 3) {
							E004130D0(_a8 + 4, L"/#2/BMP_");
						} else {
							E004130D0(_a8 + 4, L"/PNG/PNG_");
						}
					} else {
						E004130D0(_a8 + 4, L"/GIFS/IMG_");
					}
				} else {
					E004130D0(_a8 + 4, L"/GIFS/");
				}
				E004130D0(_a8 + 4, _a4);
				_t45 = E00416A30(_a8 + 4);
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t45, _t50, _v20 ^ _t80, _a4, _t78, _t79);
			}























                                                                                                                                                                                0x004c94c0
                                                                                                                                                                                0x004c94c0
                                                                                                                                                                                0x004c94c0
                                                                                                                                                                                0x004c94c3
                                                                                                                                                                                0x004c94c5
                                                                                                                                                                                0x004c94d0
                                                                                                                                                                                0x004c94d7
                                                                                                                                                                                0x004c94dc
                                                                                                                                                                                0x004c94de
                                                                                                                                                                                0x004c94e1
                                                                                                                                                                                0x004c94e5
                                                                                                                                                                                0x004c94eb
                                                                                                                                                                                0x004c94f0
                                                                                                                                                                                0x004c94f6
                                                                                                                                                                                0x004c94fc
                                                                                                                                                                                0x004c9502
                                                                                                                                                                                0x004c9508
                                                                                                                                                                                0x004c950e
                                                                                                                                                                                0x004c9514
                                                                                                                                                                                0x004c9529
                                                                                                                                                                                0x004c9548
                                                                                                                                                                                0x004c9567
                                                                                                                                                                                0x004c956c
                                                                                                                                                                                0x004c957d
                                                                                                                                                                                0x004c9582
                                                                                                                                                                                0x004c958f
                                                                                                                                                                                0x004c9598
                                                                                                                                                                                0x004c95b0
                                                                                                                                                                                0x004c95c8
                                                                                                                                                                                0x004c95e7
                                                                                                                                                                                0x004c95ca
                                                                                                                                                                                0x004c95d5
                                                                                                                                                                                0x004c95d5
                                                                                                                                                                                0x004c95b2
                                                                                                                                                                                0x004c95bd
                                                                                                                                                                                0x004c95bd
                                                                                                                                                                                0x004c959a
                                                                                                                                                                                0x004c95a5
                                                                                                                                                                                0x004c95a5
                                                                                                                                                                                0x004c95f6
                                                                                                                                                                                0x004c9601
                                                                                                                                                                                0x004c9609
                                                                                                                                                                                0x004c961e

                                                                                                                                                                                APIs
                                                                                                                                                                                • _memset.LIBCMT ref: 004C9529
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,000000FE,?,?,554C9AD9), ref: 004C9548
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileModuleName_memset
                                                                                                                                                                                • String ID: /#2/BMP_$/GIFS/$/GIFS/IMG_$/PNG/PNG_$res://
                                                                                                                                                                                • API String ID: 158409099-203929119
                                                                                                                                                                                • Opcode ID: b0b9302b2083009c6b7f58464a502468aa8a114f2a032963556be2bb569e9475
                                                                                                                                                                                • Instruction ID: 0b1c1c9f6f186164942746de259c9d6f7ab329896894dcb7d269e9c6bab858ef
                                                                                                                                                                                • Opcode Fuzzy Hash: b0b9302b2083009c6b7f58464a502468aa8a114f2a032963556be2bb569e9475
                                                                                                                                                                                • Instruction Fuzzy Hash: FA31AE35600209ABDB14EF54DC65BEEB7B4FF14318F00819EE81A67281DB78AB84CF59
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F77C0, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 81libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                                                			E004F77C0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				struct HINSTANCE__* _v24;
				_Unknown_base(*)()* _v28;
				signed int _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				short _v42;
				short _v44;
				char _v48;
				char _v52;
				char _v84;
				char _v85;
				intOrPtr _v92;
				signed int _t39;
				signed int _t40;
				void* _t55;
				void* _t70;
				void* _t71;
				signed int _t72;

				_t71 = __esi;
				_t70 = __edi;
				_t55 = __ebx;
				_push(0xffffffff);
				_push(0x5099bc);
				_push( *[fs:0x0]);
				_t39 =  *0x561244; // 0x554c9ad9
				_t40 = _t39 ^ _t72;
				_v32 = _t40;
				_push(_t40);
				 *[fs:0x0] =  &_v16;
				_v92 = __ecx;
				_v20 = 0x80004005;
				if((E00494F20(__eflags) & 0x000000ff) != 0) {
					_v24 = GetModuleHandleW(L"shell32.dll");
					if(_v24 != 0) {
						_v48 = 0xa520a1a4;
						_v44 = 0x1780;
						_v42 = 0x4ff6;
						_v40 = 0xbd;
						_v39 = 0x18;
						_v38 = 0x16;
						_v37 = 0x73;
						_v36 = 0x43;
						_v35 = 0xc5;
						_v34 = 0xaf;
						_v33 = 0x16;
						_v28 = GetProcAddress(_v24, "SHGetKnownFolderPath");
						_v52 = 0;
						_t68 =  &_v48;
						_v20 = _v28( &_v48, 0, 0,  &_v52);
						if(_v20 >= 0) {
							E00417910(_v52, E00434050( &_v85));
							_v8 = 0;
							E004181D0(_a4,  &_v84);
							_v8 = 0xffffffff;
							E004176E0();
							_t68 = _v52;
							__imp__CoTaskMemFree(_v52);
						}
					}
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_v20, _t55, _v32 ^ _t72, _t68, _t70, _t71);
			}






























                                                                                                                                                                                0x004f77c0
                                                                                                                                                                                0x004f77c0
                                                                                                                                                                                0x004f77c0
                                                                                                                                                                                0x004f77c3
                                                                                                                                                                                0x004f77c5
                                                                                                                                                                                0x004f77d0
                                                                                                                                                                                0x004f77d4
                                                                                                                                                                                0x004f77d9
                                                                                                                                                                                0x004f77db
                                                                                                                                                                                0x004f77de
                                                                                                                                                                                0x004f77e2
                                                                                                                                                                                0x004f77e8
                                                                                                                                                                                0x004f77eb
                                                                                                                                                                                0x004f77fc
                                                                                                                                                                                0x004f780d
                                                                                                                                                                                0x004f7814
                                                                                                                                                                                0x004f781a
                                                                                                                                                                                0x004f7826
                                                                                                                                                                                0x004f782f
                                                                                                                                                                                0x004f7833
                                                                                                                                                                                0x004f7837
                                                                                                                                                                                0x004f783b
                                                                                                                                                                                0x004f783f
                                                                                                                                                                                0x004f7843
                                                                                                                                                                                0x004f7847
                                                                                                                                                                                0x004f784b
                                                                                                                                                                                0x004f784f
                                                                                                                                                                                0x004f7862
                                                                                                                                                                                0x004f7865
                                                                                                                                                                                0x004f7874
                                                                                                                                                                                0x004f787b
                                                                                                                                                                                0x004f7882
                                                                                                                                                                                0x004f7894
                                                                                                                                                                                0x004f7899
                                                                                                                                                                                0x004f78a7
                                                                                                                                                                                0x004f78ac
                                                                                                                                                                                0x004f78b6
                                                                                                                                                                                0x004f78bb
                                                                                                                                                                                0x004f78bf
                                                                                                                                                                                0x004f78bf
                                                                                                                                                                                0x004f7882
                                                                                                                                                                                0x004f7814
                                                                                                                                                                                0x004f78cb
                                                                                                                                                                                0x004f78e0

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(shell32.dll,554C9AD9,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004F7807
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 004F785C
                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,00000000,00000000,00000000), ref: 004F78BF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeHandleModuleProcTask
                                                                                                                                                                                • String ID: C$SHGetKnownFolderPath$s$shell32.dll
                                                                                                                                                                                • API String ID: 1393578788-539164948
                                                                                                                                                                                • Opcode ID: 7fd79b73040cf1c5afba74791c36669fb2ac7a8e4b36ec82a03f5bcca0a0a8f1
                                                                                                                                                                                • Instruction ID: e438083bd470e43fbfbae12d09a7b573e632ec96e71d2f730542e86923fc3637
                                                                                                                                                                                • Opcode Fuzzy Hash: 7fd79b73040cf1c5afba74791c36669fb2ac7a8e4b36ec82a03f5bcca0a0a8f1
                                                                                                                                                                                • Instruction Fuzzy Hash: 7F313771D042499BDB00DFE8D949BEEBBB4AF19314F00462DE511BB2D1DB785A08CBA9
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040F720, Relevance: 12.1, APIs: 8, Instructions: 101COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0040F720(intOrPtr _a4, signed int _a12, struct HDC__** _a16) {
				struct tagRECT _v20;
				struct HDC__* _v24;
				struct HBITMAP__* _v28;
				void* _v32;

				if(_a16 == 0) {
					return 0x80004003;
				}
				if(( *(_a4 + 0x30) & 0x000000ff) != 0) {
					 *_a16 = E0040F700(_a4 - 0x28);
					if( *_a16 != 0) {
						 *(_a4 + 0x30) = 0;
						if((_a12 & 0x00000001) == 0) {
							E00416BC0(_a4 - 0x28,  &_v20);
							if((_a12 & 0x00000004) != 0) {
								_v24 = CreateCompatibleDC( *_a16);
								if(_v24 != 0) {
									_v28 = CreateCompatibleBitmap( *_a16, _v20.right - _v20.left, _v20.bottom - _v20.top);
									if(_v28 != 0) {
										_v32 = SelectObject(_v24, _v28);
										if(_v32 != 0) {
											DeleteObject(_v32);
											 *(_a4 + 0x2c) =  *_a16;
											 *_a16 = _v24;
										} else {
											DeleteObject(_v28);
											DeleteDC(_v24);
										}
									} else {
										DeleteDC(_v24);
									}
								}
							}
							if((_a12 & 0x00000002) != 0) {
								FillRect( *_a16,  &_v20, 6);
							}
							return 0;
						}
						return 0;
					}
					return 0x80004005;
				} else {
					return 0x80004005;
				}
			}







                                                                                                                                                                                0x0040f72a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040f72c
                                                                                                                                                                                0x0040f73f
                                                                                                                                                                                0x0040f759
                                                                                                                                                                                0x0040f761
                                                                                                                                                                                0x0040f770
                                                                                                                                                                                0x0040f77a
                                                                                                                                                                                0x0040f78d
                                                                                                                                                                                0x0040f798
                                                                                                                                                                                0x0040f7aa
                                                                                                                                                                                0x0040f7b1
                                                                                                                                                                                0x0040f7cd
                                                                                                                                                                                0x0040f7d4
                                                                                                                                                                                0x0040f7f0
                                                                                                                                                                                0x0040f7f7
                                                                                                                                                                                0x0040f813
                                                                                                                                                                                0x0040f821
                                                                                                                                                                                0x0040f82a
                                                                                                                                                                                0x0040f7f9
                                                                                                                                                                                0x0040f7fd
                                                                                                                                                                                0x0040f807
                                                                                                                                                                                0x0040f807
                                                                                                                                                                                0x0040f7d6
                                                                                                                                                                                0x0040f7da
                                                                                                                                                                                0x0040f7da
                                                                                                                                                                                0x0040f7d4
                                                                                                                                                                                0x0040f7b1
                                                                                                                                                                                0x0040f832
                                                                                                                                                                                0x0040f840
                                                                                                                                                                                0x0040f840
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040f846
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040f77c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040f741
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040f741

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7790f0f0a47ac65401f1fb5780a7dd394661dcc84927e9e266b1b9cad848c9df
                                                                                                                                                                                • Instruction ID: 016c94314b8a7c7c4dc36120d6fae83ce340dfe948184dbdff37145c959fcf1d
                                                                                                                                                                                • Opcode Fuzzy Hash: 7790f0f0a47ac65401f1fb5780a7dd394661dcc84927e9e266b1b9cad848c9df
                                                                                                                                                                                • Instruction Fuzzy Hash: E8414175900109DFDB14DFA8D988AAF77B5FB49300F108539E906AB350C738ED45CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040DE30, Relevance: 10.9, APIs: 7, Instructions: 413COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                			E0040DE30(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed short* _a8, struct HWND__* _a12, intOrPtr _a16, void* _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr _a32) {
				char _v8;
				char _v16;
				signed char _v17;
				void* _v24;
				signed char _v25;
				char _v32;
				signed int _v36;
				void* _v40;
				long _v44;
				char _v48;
				void* _v52;
				char _v56;
				char _v60;
				char _v80;
				char _v96;
				intOrPtr* _v100;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr* _v112;
				intOrPtr* _v116;
				signed int _t183;
				void* _t189;
				void* _t236;
				void* _t245;
				void* _t275;
				intOrPtr* _t283;
				intOrPtr* _t368;
				void* _t401;
				void* _t402;
				signed int _t403;

				_t402 = __esi;
				_t401 = __edi;
				_t275 = __ebx;
				_push(0xffffffff);
				_push(0x514ce0);
				_push( *[fs:0x0]);
				_t183 =  *0x561244; // 0x554c9ad9
				_push(_t183 ^ _t403);
				 *[fs:0x0] =  &_v16;
				if(_a20 != 0) {
					 *_a20 = 0;
					_v24 = 1;
					_v17 = 0;
					E00412660(_a4 - 0x24);
					if( *((intOrPtr*)(_a4 - 0x20)) != 0 &&  *((intOrPtr*)(_a4 - 0x20)) != _a12) {
						E0040DD20(_a4 - 0x20, 0, 0, 0x507);
						E0040DDE0(_a4 - 0x24);
					}
					if(IsWindow(_a12) == 0) {
						L55:
						_t189 = _v24;
						goto L56;
					}
					if( *((intOrPtr*)(_a4 - 0x20)) != _a12) {
						E0040D210(_a4 - 0x24, _a12);
						_v17 = 1;
					}
					_t365 = _a4;
					if( *((intOrPtr*)(_a4 + 0xa8)) == 0) {
						if(E0040D250(_t275, _a4 - 0x20, _t365, _t401, _t402) == 0) {
							 *((intOrPtr*)(_a4 + 0xa8)) = GetSysColor(5);
						} else {
							 *((intOrPtr*)(_a4 + 0xa8)) = GetSysColor(0xf);
						}
					}
					_v25 = 0;
					_v24 = E004F0010(_t275, _a20, _t401, _t402, _a8, 0x53bab4, _a20,  &_v25, _a32);
					if(_v24 >= 0) {
						_v24 = E0040D6B0(_a4 - 0x24,  *_a20, 0, _a16);
					}
					_t283 = _a24;
					_t368 = _a4 + 0x5c;
					 *_t368 =  *_t283;
					 *((intOrPtr*)(_t368 + 4)) =  *((intOrPtr*)(_t283 + 4));
					 *((intOrPtr*)(_t368 + 8)) =  *((intOrPtr*)(_t283 + 8));
					 *((intOrPtr*)(_t368 + 0xc)) =  *((intOrPtr*)(_t283 + 0xc));
					if(_v24 >= 0 &&  *_a20 != 0 && _a28 != 0) {
						E00414CE0( *_a20, _a28, _a4 + 0x5c, _a4 + 0x70);
					}
					if(_v24 < 0 || (_v25 & 0x000000ff) == 0 ||  *_a20 == 0) {
						L49:
						if(_v24 < 0 || (E00412640(_a4 + 0x3c, 0) & 0x000000ff) != 0) {
							E00412660(_a4 - 0x24);
							if( *((intOrPtr*)(_a4 - 0x20)) != 0) {
								E0040DD20(_a4 - 0x20, 0, 0, 0x507);
								if(_v24 < 0 && (_v17 & 0x000000ff) != 0) {
									E0040DDE0(_a4 - 0x24);
								}
							}
						}
						goto L55;
					} else {
						if((E00416C00(_a4 - 0x20) & 0x00300000) != 0) {
							_v36 = E00416C00(_a4 - 0x20);
							E00415FF0(_a4 - 0x20, 0xfffffff0, _v36 & 0xffcfffff);
							E00416C20(_a4 - 0x20, 0, 0, 0, 0, 0, 0x37);
						} else {
							 *(_a4 + 0xbc) =  *(_a4 + 0xbc) | 0x00000008;
						}
						E00417520( *_a20);
						_v8 = 0;
						if(( *_a8 & 0x0000ffff) == 0x4d || ( *_a8 & 0x0000ffff) == 0x6d) {
							if((_a8[1] & 0x0000ffff) == 0x53 || (_a8[1] & 0x0000ffff) == 0x73) {
								if((_a8[2] & 0x0000ffff) == 0x48 || (_a8[2] & 0x0000ffff) == 0x68) {
									if((_a8[3] & 0x0000ffff) == 0x54 || (_a8[3] & 0x0000ffff) == 0x74) {
										if((_a8[4] & 0x0000ffff) == 0x4d || (_a8[4] & 0x0000ffff) == 0x6d) {
											if((_a8[5] & 0x0000ffff) == 0x4c || (_a8[5] & 0x0000ffff) == 0x6c) {
												if((_a8[6] & 0x0000ffff) != 0x3a) {
													goto L45;
												}
												_t236 = E00414FD0(_a8);
												_t96 = _t236 - 0xe; // -14
												_v44 = _t236 + _t96;
												_v40 = GlobalAlloc(0x42, _v44);
												if(_v40 == 0) {
													_v24 = 0x8007000e;
												} else {
													E00414C90();
													_v8 = 1;
													_v52 = GlobalLock(_v40);
													E004112E0(_t275, _v52, _v44,  &(_a8[7]), _v44);
													GlobalUnlock(_v40);
													_t245 = _v40;
													__imp__CreateStreamOnHGlobal(_t245, 1, E00434050( &_v48));
													_v24 = _t245;
													if(_v24 >= 0) {
														E00414C90();
														_v8 = 2;
														_v100 = E0041D530( &_v32);
														_v24 =  *((intOrPtr*)( *((intOrPtr*)( *_v100))))(_v100, 0x53bad4, E00434050( &_v56));
														if(_v24 >= 0) {
															_v104 = E0041D530( &_v56);
															_v24 =  *((intOrPtr*)( *((intOrPtr*)( *_v104 + 0x14))))(_v104, E0041D530( &_v48));
														}
														_v8 = 1;
														E0040D320();
													}
													_v8 = 0;
													E0040D320();
												}
												goto L48;
											} else {
												goto L45;
											}
										} else {
											goto L45;
										}
									} else {
										goto L45;
									}
								} else {
									goto L45;
								}
							} else {
								goto L45;
							}
						} else {
							L45:
							E00414C90();
							_v8 = 3;
							_v108 = E0041D530( &_v32);
							 *((intOrPtr*)( *((intOrPtr*)( *_v108))))(_v108, 0x53bb34, E00434050( &_v60));
							if(E0041D530( &_v60) != 0) {
								E00416A10( &_v80);
								_v8 = 4;
								E004169E0( &_v96, _a8);
								_v8 = 5;
								_v112 = E0041D530( &_v60);
								 *((intOrPtr*)( *((intOrPtr*)( *_v112 + 0xa4))))(_v112, 0xffffffff);
								_v116 = E0041D530( &_v60);
								 *((intOrPtr*)( *((intOrPtr*)( *_v116 + 0xd0))))(_v116,  &_v96,  &_v80,  &_v80,  &_v80,  &_v80);
								_v8 = 4;
								E00417430( &_v96);
								_v8 = 3;
								E00417430( &_v80);
							}
							_v8 = 0;
							E0040D320();
							L48:
							_v8 = 0xffffffff;
							E0040D320();
							goto L49;
						}
					}
				} else {
					_t189 = 0x80004003;
					L56:
					 *[fs:0x0] = _v16;
					return _t189;
				}
			}

































                                                                                                                                                                                0x0040de30
                                                                                                                                                                                0x0040de30
                                                                                                                                                                                0x0040de30
                                                                                                                                                                                0x0040de33
                                                                                                                                                                                0x0040de35
                                                                                                                                                                                0x0040de40
                                                                                                                                                                                0x0040de44
                                                                                                                                                                                0x0040de4b
                                                                                                                                                                                0x0040de4f
                                                                                                                                                                                0x0040de59
                                                                                                                                                                                0x0040de68
                                                                                                                                                                                0x0040de6e
                                                                                                                                                                                0x0040de75
                                                                                                                                                                                0x0040de7f
                                                                                                                                                                                0x0040de8b
                                                                                                                                                                                0x0040dea7
                                                                                                                                                                                0x0040deb2
                                                                                                                                                                                0x0040deb2
                                                                                                                                                                                0x0040dec3
                                                                                                                                                                                0x0040e354
                                                                                                                                                                                0x0040e354
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040e354
                                                                                                                                                                                0x0040ded2
                                                                                                                                                                                0x0040dede
                                                                                                                                                                                0x0040dee3
                                                                                                                                                                                0x0040dee3
                                                                                                                                                                                0x0040dee7
                                                                                                                                                                                0x0040def1
                                                                                                                                                                                0x0040df00
                                                                                                                                                                                0x0040df20
                                                                                                                                                                                0x0040df02
                                                                                                                                                                                0x0040df0d
                                                                                                                                                                                0x0040df0d
                                                                                                                                                                                0x0040df00
                                                                                                                                                                                0x0040df26
                                                                                                                                                                                0x0040df47
                                                                                                                                                                                0x0040df4e
                                                                                                                                                                                0x0040df67
                                                                                                                                                                                0x0040df67
                                                                                                                                                                                0x0040df6a
                                                                                                                                                                                0x0040df70
                                                                                                                                                                                0x0040df75
                                                                                                                                                                                0x0040df7a
                                                                                                                                                                                0x0040df80
                                                                                                                                                                                0x0040df86
                                                                                                                                                                                0x0040df8d
                                                                                                                                                                                0x0040dfb5
                                                                                                                                                                                0x0040dfb5
                                                                                                                                                                                0x0040dfbe
                                                                                                                                                                                0x0040e2f9
                                                                                                                                                                                0x0040e2fd
                                                                                                                                                                                0x0040e319
                                                                                                                                                                                0x0040e325
                                                                                                                                                                                0x0040e336
                                                                                                                                                                                0x0040e33f
                                                                                                                                                                                0x0040e34f
                                                                                                                                                                                0x0040e34f
                                                                                                                                                                                0x0040e33f
                                                                                                                                                                                0x0040e325
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040dfdc
                                                                                                                                                                                0x0040dfec
                                                                                                                                                                                0x0040e010
                                                                                                                                                                                0x0040e025
                                                                                                                                                                                0x0040e03c
                                                                                                                                                                                0x0040dfee
                                                                                                                                                                                0x0040dffd
                                                                                                                                                                                0x0040dffd
                                                                                                                                                                                0x0040e04a
                                                                                                                                                                                0x0040e04f
                                                                                                                                                                                0x0040e05f
                                                                                                                                                                                0x0040e07a
                                                                                                                                                                                0x0040e096
                                                                                                                                                                                0x0040e0b2
                                                                                                                                                                                0x0040e0ce
                                                                                                                                                                                0x0040e0ea
                                                                                                                                                                                0x0040e106
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040e110
                                                                                                                                                                                0x0040e118
                                                                                                                                                                                0x0040e11c
                                                                                                                                                                                0x0040e12b
                                                                                                                                                                                0x0040e132
                                                                                                                                                                                0x0040e20e
                                                                                                                                                                                0x0040e138
                                                                                                                                                                                0x0040e13b
                                                                                                                                                                                0x0040e140
                                                                                                                                                                                0x0040e14e
                                                                                                                                                                                0x0040e164
                                                                                                                                                                                0x0040e170
                                                                                                                                                                                0x0040e181
                                                                                                                                                                                0x0040e185
                                                                                                                                                                                0x0040e18b
                                                                                                                                                                                0x0040e192
                                                                                                                                                                                0x0040e197
                                                                                                                                                                                0x0040e19c
                                                                                                                                                                                0x0040e1a8
                                                                                                                                                                                0x0040e1c6
                                                                                                                                                                                0x0040e1cd
                                                                                                                                                                                0x0040e1d7
                                                                                                                                                                                0x0040e1f1
                                                                                                                                                                                0x0040e1f1
                                                                                                                                                                                0x0040e1f4
                                                                                                                                                                                0x0040e1fb
                                                                                                                                                                                0x0040e1fb
                                                                                                                                                                                0x0040e200
                                                                                                                                                                                0x0040e207
                                                                                                                                                                                0x0040e207
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040e21a
                                                                                                                                                                                0x0040e21a
                                                                                                                                                                                0x0040e21d
                                                                                                                                                                                0x0040e222
                                                                                                                                                                                0x0040e22e
                                                                                                                                                                                0x0040e24a
                                                                                                                                                                                0x0040e256
                                                                                                                                                                                0x0040e25f
                                                                                                                                                                                0x0040e264
                                                                                                                                                                                0x0040e26f
                                                                                                                                                                                0x0040e274
                                                                                                                                                                                0x0040e280
                                                                                                                                                                                0x0040e294
                                                                                                                                                                                0x0040e29e
                                                                                                                                                                                0x0040e2c4
                                                                                                                                                                                0x0040e2c6
                                                                                                                                                                                0x0040e2cd
                                                                                                                                                                                0x0040e2d2
                                                                                                                                                                                0x0040e2d9
                                                                                                                                                                                0x0040e2d9
                                                                                                                                                                                0x0040e2de
                                                                                                                                                                                0x0040e2e5
                                                                                                                                                                                0x0040e2ea
                                                                                                                                                                                0x0040e2ea
                                                                                                                                                                                0x0040e2f4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040e2f4
                                                                                                                                                                                0x0040e05f
                                                                                                                                                                                0x0040de5b
                                                                                                                                                                                0x0040de5b
                                                                                                                                                                                0x0040e357
                                                                                                                                                                                0x0040e35a
                                                                                                                                                                                0x0040e365
                                                                                                                                                                                0x0040e365

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ColorWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4045458706-0
                                                                                                                                                                                • Opcode ID: 357680163ede39ea106b7bf8973fb13cc87f1b2c706bd25e2ed9f0712c607f80
                                                                                                                                                                                • Instruction ID: a61d8b1859fa99b295e73fed47a3b7f2fdef4b658f642da17756032c367e7847
                                                                                                                                                                                • Opcode Fuzzy Hash: 357680163ede39ea106b7bf8973fb13cc87f1b2c706bd25e2ed9f0712c607f80
                                                                                                                                                                                • Instruction Fuzzy Hash: 27025E70900108EFDB04DF95C895BEEBBB5EF58304F14816EF815AB2D1DB38AA85CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F0010, Relevance: 10.7, APIs: 7, Instructions: 213COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 39%
                                                                                                                                                                                			E004F0010(void* __ebx, signed short* __edx, void* __edi, void* __esi, signed short* _a4, signed short* _a8, signed short* _a12, signed short* _a16, intOrPtr _a20) {
				signed short _v8;
				char _v16;
				signed short* _v20;
				signed int _v24;
				char _v40;
				char _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr* _v64;
				signed int _t87;
				signed int _t88;
				signed short* _t91;
				intOrPtr _t104;
				signed short* _t105;
				signed short* _t107;
				signed short* _t113;
				signed short* _t114;
				signed short* _t115;
				signed short* _t116;
				void* _t121;
				intOrPtr _t143;
				void* _t164;
				void* _t165;
				signed int _t166;

				_t165 = __esi;
				_t164 = __edi;
				_t152 = __edx;
				_t121 = __ebx;
				_push(0xffffffff);
				_push(0x505d62);
				_push( *[fs:0x0]);
				_t87 =  *0x561244; // 0x554c9ad9
				_t88 = _t87 ^ _t166;
				_v24 = _t88;
				_push(_t88);
				 *[fs:0x0] =  &_v16;
				if(_a12 != 0) {
					 *_a12 = 0;
					_v20 = 0x80004005;
					 *_a16 = 0;
					if(_a4 == 0) {
						L4:
						_t91 = 0;
						goto L32;
					}
					_t152 = _a4;
					if(( *_a4 & 0x0000ffff) != 0) {
						if(( *_a4 & 0x0000ffff) == 0x4d || ( *_a4 & 0x0000ffff) == 0x6d) {
							if((_a4[1] & 0x0000ffff) == 0x53 || (_a4[1] & 0x0000ffff) == 0x73) {
								if((_a4[2] & 0x0000ffff) == 0x48 || (_a4[2] & 0x0000ffff) == 0x68) {
									if((_a4[3] & 0x0000ffff) == 0x54 || (_a4[3] & 0x0000ffff) == 0x74) {
										if((_a4[4] & 0x0000ffff) == 0x4d || (_a4[4] & 0x0000ffff) == 0x6d) {
											if((_a4[5] & 0x0000ffff) == 0x4c || (_a4[5] & 0x0000ffff) == 0x6c) {
												if((_a4[6] & 0x0000ffff) != 0x3a) {
													goto L19;
												} else {
													_t116 = _a12;
													__imp__CoCreateInstance(0x53baf4, 0, 1, _a8, _t116);
													_v20 = _t116;
													_t152 = _a16;
													 *_a16 = 1;
													goto L31;
												}
											} else {
												goto L19;
											}
										} else {
											goto L19;
										}
									} else {
										goto L19;
									}
								} else {
									goto L19;
								}
							} else {
								goto L19;
							}
						} else {
							L19:
							_v56 = E0040B170( &_v52, _a4);
							_v60 = _v56;
							_v8 = 0;
							_v48 = E0040D2B0(_v60, E0041D530(_v60), ":");
							_v8 = 0xffffffff;
							E0043F710(_t101,  &_v52);
							if(_v48 == 0) {
								_t152 = _a4;
								if(E00414FD0(_a4) < 0xff) {
									_t113 = _a4;
									if(( *_t113 & 0x0000ffff) != 0x7b) {
										_t152 = _a4;
										__imp__CLSIDFromProgID(_a4,  &_v40);
										_v20 = _t113;
									} else {
										_t152 =  &_v40;
										_t114 = _a4;
										__imp__CLSIDFromString(_t114,  &_v40);
										_v20 = _t114;
									}
								}
								if(_v20 >= 0) {
									_t104 = _a20;
									__imp__#7(_t104);
									if(_t104 == 0) {
										_t105 = _a12;
										_t152 =  &_v40;
										__imp__CoCreateInstance( &_v40, 0, 1, _a8, _t105);
										_v20 = _t105;
									} else {
										E00414C90();
										_v8 = 1;
										_t107 = E00434050( &_v44);
										__imp__CoGetClassObject( &_v40, 1, 0, 0x53bb14, _t107);
										_v20 = _t107;
										if(_v20 >= 0) {
											_v64 = E0041D530( &_v44);
											_t143 =  *_v64;
											_t152 =  *(_t143 + 0x1c);
											_v20 =  *( *(_t143 + 0x1c))(_v64, 0, 0, _a8, _a20, _a12);
										}
										_v8 = 0xffffffff;
										E0040D320();
									}
								}
							} else {
								_t152 = _a12;
								_t115 = _a8;
								__imp__CoCreateInstance(0x53bb04, 0, 1, _t115, _a12);
								_v20 = _t115;
								 *_a16 = 1;
							}
							L31:
							_t91 = _v20;
							goto L32;
						}
					}
					goto L4;
				} else {
					_t91 = 0x80004003;
					L32:
					 *[fs:0x0] = _v16;
					return E0044F6C8(_t91, _t121, _v24 ^ _t166, _t152, _t164, _t165);
				}
			}





























                                                                                                                                                                                0x004f0010
                                                                                                                                                                                0x004f0010
                                                                                                                                                                                0x004f0010
                                                                                                                                                                                0x004f0010
                                                                                                                                                                                0x004f0013
                                                                                                                                                                                0x004f0015
                                                                                                                                                                                0x004f0020
                                                                                                                                                                                0x004f0024
                                                                                                                                                                                0x004f0029
                                                                                                                                                                                0x004f002b
                                                                                                                                                                                0x004f002e
                                                                                                                                                                                0x004f0032
                                                                                                                                                                                0x004f003c
                                                                                                                                                                                0x004f004b
                                                                                                                                                                                0x004f0051
                                                                                                                                                                                0x004f005b
                                                                                                                                                                                0x004f0062
                                                                                                                                                                                0x004f006e
                                                                                                                                                                                0x004f006e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f006e
                                                                                                                                                                                0x004f0064
                                                                                                                                                                                0x004f006c
                                                                                                                                                                                0x004f007e
                                                                                                                                                                                0x004f0099
                                                                                                                                                                                0x004f00b5
                                                                                                                                                                                0x004f00cd
                                                                                                                                                                                0x004f00e5
                                                                                                                                                                                0x004f00fd
                                                                                                                                                                                0x004f0115
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0117
                                                                                                                                                                                0x004f0117
                                                                                                                                                                                0x004f0128
                                                                                                                                                                                0x004f012e
                                                                                                                                                                                0x004f0131
                                                                                                                                                                                0x004f0134
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0134
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f013c
                                                                                                                                                                                0x004f013c
                                                                                                                                                                                0x004f0148
                                                                                                                                                                                0x004f014e
                                                                                                                                                                                0x004f0151
                                                                                                                                                                                0x004f016e
                                                                                                                                                                                0x004f0171
                                                                                                                                                                                0x004f017b
                                                                                                                                                                                0x004f0184
                                                                                                                                                                                0x004f01ab
                                                                                                                                                                                0x004f01bc
                                                                                                                                                                                0x004f01be
                                                                                                                                                                                0x004f01c7
                                                                                                                                                                                0x004f01e0
                                                                                                                                                                                0x004f01e4
                                                                                                                                                                                0x004f01ea
                                                                                                                                                                                0x004f01c9
                                                                                                                                                                                0x004f01c9
                                                                                                                                                                                0x004f01cd
                                                                                                                                                                                0x004f01d1
                                                                                                                                                                                0x004f01d7
                                                                                                                                                                                0x004f01d7
                                                                                                                                                                                0x004f01c7
                                                                                                                                                                                0x004f01f1
                                                                                                                                                                                0x004f01f7
                                                                                                                                                                                0x004f01fb
                                                                                                                                                                                0x004f0203
                                                                                                                                                                                0x004f0276
                                                                                                                                                                                0x004f0282
                                                                                                                                                                                0x004f0286
                                                                                                                                                                                0x004f028c
                                                                                                                                                                                0x004f0205
                                                                                                                                                                                0x004f0208
                                                                                                                                                                                0x004f020d
                                                                                                                                                                                0x004f0217
                                                                                                                                                                                0x004f022a
                                                                                                                                                                                0x004f0230
                                                                                                                                                                                0x004f0237
                                                                                                                                                                                0x004f0241
                                                                                                                                                                                0x004f025b
                                                                                                                                                                                0x004f025d
                                                                                                                                                                                0x004f0262
                                                                                                                                                                                0x004f0262
                                                                                                                                                                                0x004f0265
                                                                                                                                                                                0x004f026f
                                                                                                                                                                                0x004f026f
                                                                                                                                                                                0x004f0203
                                                                                                                                                                                0x004f0186
                                                                                                                                                                                0x004f0186
                                                                                                                                                                                0x004f018a
                                                                                                                                                                                0x004f0197
                                                                                                                                                                                0x004f019d
                                                                                                                                                                                0x004f01a3
                                                                                                                                                                                0x004f01a3
                                                                                                                                                                                0x004f028f
                                                                                                                                                                                0x004f028f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f028f
                                                                                                                                                                                0x004f007e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f003e
                                                                                                                                                                                0x004f003e
                                                                                                                                                                                0x004f0292
                                                                                                                                                                                0x004f0295
                                                                                                                                                                                0x004f02aa
                                                                                                                                                                                0x004f02aa

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ecb187463da72710d10c6f885a97d4b3e33bfb4eb63038d9beb8c17a8b3ad649
                                                                                                                                                                                • Instruction ID: 9b2f63963992360146f666215734e55a870c3115d502bbbb8006fdcbe01b2a89
                                                                                                                                                                                • Opcode Fuzzy Hash: ecb187463da72710d10c6f885a97d4b3e33bfb4eb63038d9beb8c17a8b3ad649
                                                                                                                                                                                • Instruction Fuzzy Hash: 95916E70A00209EFDB14CF94D884BBEB7B1BF88710F50855AF945AB291D7799E81CBA4
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004CC8C0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 133COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                			E004CC8C0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				void* _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr* _v60;
				signed int _t60;
				void* _t63;
				intOrPtr _t66;
				intOrPtr _t71;
				signed int _t117;

				_push(0xffffffff);
				_push(0x5118d6);
				_push( *[fs:0x0]);
				_t60 =  *0x561244; // 0x554c9ad9
				_push(_t60 ^ _t117);
				 *[fs:0x0] =  &_v16;
				_t63 = E00414C90();
				_v8 = 0;
				if(_a12 != 0) {
					if(_a4 == 0 || _a8 == 0) {
						_push(L" LoadMemory mem == NULL ");
						E004CC5C0(_t63);
						_v44 = 0x80070057;
						_v8 = 0xffffffff;
						E0040D320();
						_t66 = _v44;
					} else {
						_v28 = GlobalAlloc(0x40, _a8 + 2);
						if(_v28 != 0) {
							_t71 = E0044FCB0(__ebx, __edi, __esi, _v28, _a4, _a8);
							__imp__CreateStreamOnHGlobal(_v28, 1,  &_v24);
							_v20 = _t71;
							if(_v20 != 0) {
								L14:
								_v56 = 0x80004005;
								_v8 = 0xffffffff;
								E0040D320();
								_t66 = _v56;
							} else {
								E004300C0(_a12);
								_v8 = 1;
								if(E0041D530( &_v32) == 0) {
									L13:
									_v8 = 0;
									E00439240();
									goto L14;
								} else {
									E00430540( &_v36);
									if(_v36 == 0) {
										goto L13;
									} else {
										E0042FC90(_v36, E0041D530( &_v24));
										_v60 = E0041D530( &_v32);
										_t105 = _v60;
										_v20 =  *((intOrPtr*)( *((intOrPtr*)( *_v60 + 0x14))))(_v60, 0, _v36, 0, 0);
										if(_v20 != 0) {
											E004CC870(_t105, 1);
										}
										_v52 = _v20;
										_v8 = 0;
										E00439240();
										_v8 = 0xffffffff;
										E0040D320();
										_t66 = _v52;
									}
								}
							}
						} else {
							_v48 = 0x8007000e;
							_v8 = 0xffffffff;
							E0040D320();
							_t66 = _v48;
						}
					}
				} else {
					_push(L" LoadMemory pDoc == NULL ");
					E004CC5C0(_t63);
					_v40 = 0x80070057;
					_v8 = 0xffffffff;
					E0040D320();
					_t66 = _v40;
				}
				 *[fs:0x0] = _v16;
				return _t66;
			}





















                                                                                                                                                                                0x004cc8c3
                                                                                                                                                                                0x004cc8c5
                                                                                                                                                                                0x004cc8d0
                                                                                                                                                                                0x004cc8d4
                                                                                                                                                                                0x004cc8db
                                                                                                                                                                                0x004cc8df
                                                                                                                                                                                0x004cc8e8
                                                                                                                                                                                0x004cc8ed
                                                                                                                                                                                0x004cc8f8
                                                                                                                                                                                0x004cc929
                                                                                                                                                                                0x004cc931
                                                                                                                                                                                0x004cc936
                                                                                                                                                                                0x004cc93e
                                                                                                                                                                                0x004cc945
                                                                                                                                                                                0x004cc94f
                                                                                                                                                                                0x004cc954
                                                                                                                                                                                0x004cc95c
                                                                                                                                                                                0x004cc96b
                                                                                                                                                                                0x004cc972
                                                                                                                                                                                0x004cc99e
                                                                                                                                                                                0x004cc9b0
                                                                                                                                                                                0x004cc9b6
                                                                                                                                                                                0x004cc9bd
                                                                                                                                                                                0x004cca67
                                                                                                                                                                                0x004cca67
                                                                                                                                                                                0x004cca6e
                                                                                                                                                                                0x004cca78
                                                                                                                                                                                0x004cca7d
                                                                                                                                                                                0x004cc9c3
                                                                                                                                                                                0x004cc9ca
                                                                                                                                                                                0x004cc9cf
                                                                                                                                                                                0x004cc9dd
                                                                                                                                                                                0x004cca5b
                                                                                                                                                                                0x004cca5b
                                                                                                                                                                                0x004cca62
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004cc9df
                                                                                                                                                                                0x004cc9e3
                                                                                                                                                                                0x004cc9ec
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004cc9ee
                                                                                                                                                                                0x004cc9fa
                                                                                                                                                                                0x004cca07
                                                                                                                                                                                0x004cca18
                                                                                                                                                                                0x004cca22
                                                                                                                                                                                0x004cca29
                                                                                                                                                                                0x004cca2d
                                                                                                                                                                                0x004cca32
                                                                                                                                                                                0x004cca38
                                                                                                                                                                                0x004cca3b
                                                                                                                                                                                0x004cca42
                                                                                                                                                                                0x004cca47
                                                                                                                                                                                0x004cca51
                                                                                                                                                                                0x004cca56
                                                                                                                                                                                0x004cca56
                                                                                                                                                                                0x004cc9ec
                                                                                                                                                                                0x004cc9dd
                                                                                                                                                                                0x004cc974
                                                                                                                                                                                0x004cc974
                                                                                                                                                                                0x004cc97b
                                                                                                                                                                                0x004cc985
                                                                                                                                                                                0x004cc98a
                                                                                                                                                                                0x004cc98a
                                                                                                                                                                                0x004cc972
                                                                                                                                                                                0x004cc8fa
                                                                                                                                                                                0x004cc8fa
                                                                                                                                                                                0x004cc8ff
                                                                                                                                                                                0x004cc907
                                                                                                                                                                                0x004cc90e
                                                                                                                                                                                0x004cc918
                                                                                                                                                                                0x004cc91d
                                                                                                                                                                                0x004cc91d
                                                                                                                                                                                0x004cca83
                                                                                                                                                                                0x004cca8e

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LoadMemory mem == NULL $ LoadMemory pDoc == NULL $W$W
                                                                                                                                                                                • API String ID: 0-61333738
                                                                                                                                                                                • Opcode ID: c53eb319cef488d302be499bfc4f72b57fc6207859f3b9e799a0f7a65bd0a51b
                                                                                                                                                                                • Instruction ID: f45d82c9f8a196cfc6aee97ef8979deb832657bc0edcf5a1b66d4082df4fedcc
                                                                                                                                                                                • Opcode Fuzzy Hash: c53eb319cef488d302be499bfc4f72b57fc6207859f3b9e799a0f7a65bd0a51b
                                                                                                                                                                                • Instruction Fuzzy Hash: CA514CB5D00209EBCB04DFA5D985FEEB770FB18314F20421EE415672D0E7795A45CB99
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00426E60, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                			E00426E60(void* __eflags, char _a4, char _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* __ecx;
				signed int _t25;
				intOrPtr _t41;
				signed int _t62;
				void* _t63;

				_push(0xffffffff);
				_push(0x516ce0);
				_push( *[fs:0x0]);
				_push(_t41);
				_t25 =  *0x561244; // 0x554c9ad9
				_push(_t25 ^ _t62);
				_t1 =  &_v16; // 0x4267e3
				 *[fs:0x0] = _t1;
				_v20 = _t63 - 0xc;
				_v32 = _t41;
				_v28 = E00420BA0(_v32, 1);
				_v24 = 0;
				_v8 = 0;
				E0041EB00(_v32 + 1, E00415110(_v28),  &_a4);
				_v24 = _v24 + 1;
				_t13 =  &_a8; // 0x4267e3
				E0041EB00(_v32 + 1, E0042AE30(_v28), _t13);
				_v24 = _v24 + 1;
				E0041B050(_v32 + 2, E00441910(_v28), _a12);
				_v8 = 0xffffffff;
				_t23 =  &_v16; // 0x4267e3
				 *[fs:0x0] =  *_t23;
				return _v28;
			}














                                                                                                                                                                                0x00426e63
                                                                                                                                                                                0x00426e65
                                                                                                                                                                                0x00426e70
                                                                                                                                                                                0x00426e71
                                                                                                                                                                                0x00426e78
                                                                                                                                                                                0x00426e7f
                                                                                                                                                                                0x00426e80
                                                                                                                                                                                0x00426e83
                                                                                                                                                                                0x00426e89
                                                                                                                                                                                0x00426e8c
                                                                                                                                                                                0x00426e99
                                                                                                                                                                                0x00426e9c
                                                                                                                                                                                0x00426ea3
                                                                                                                                                                                0x00426ec1
                                                                                                                                                                                0x00426ecc
                                                                                                                                                                                0x00426ecf
                                                                                                                                                                                0x00426ee6
                                                                                                                                                                                0x00426ef1
                                                                                                                                                                                0x00426f0b
                                                                                                                                                                                0x00426f72
                                                                                                                                                                                0x00426f7c
                                                                                                                                                                                0x00426f7f
                                                                                                                                                                                0x00426f8d

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID: gB$gB
                                                                                                                                                                                • API String ID: 3447690668-476456316
                                                                                                                                                                                • Opcode ID: 382200b0d8d22de33c340b6a97caba9c3ccf8ac81e440876572f6ba457ab22c5
                                                                                                                                                                                • Instruction ID: da325da1d0d0f6029cf94d867a0c2159dc7c1cf2997bc7afbf56aa29c0e544d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 382200b0d8d22de33c340b6a97caba9c3ccf8ac81e440876572f6ba457ab22c5
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F213DB1E00109AFCB04DF99D852BEFBBB8FB48318F10452EE515A7381D635AA54CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040D4C0, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                			E0040D4C0(int* _a4, intOrPtr* _a8) {
				int _v8;
				struct HDC__* _v12;
				int _v16;
				signed int _v20;
				signed int _v24;
				int _t37;

				do {
					_v20 = 0 | _a4 != 0x00000000;
					if(_v20 == 0) {
						E00417470(0x80004003);
					}
				} while (0 != 0);
				do {
					_v24 = 0 | _a8 != 0x00000000;
					if(_v24 == 0) {
						E00417470(0x80004003);
					}
				} while (0 != 0);
				_v12 = GetDC(0);
				do {
				} while (0 != 0 || 0 != 0);
				_v16 = GetDeviceCaps(_v12, 0x58);
				_v8 = GetDeviceCaps(_v12, 0x5a);
				ReleaseDC(0, _v12);
				 *_a8 = MulDiv(0x9ec,  *_a4, _v16);
				_t37 = MulDiv(0x9ec, _a4[1], _v8);
				 *(_a8 + 4) = _t37;
				return _t37;
			}









                                                                                                                                                                                0x0040d4c6
                                                                                                                                                                                0x0040d4cf
                                                                                                                                                                                0x0040d4d6
                                                                                                                                                                                0x0040d4dd
                                                                                                                                                                                0x0040d4dd
                                                                                                                                                                                0x0040d4e2
                                                                                                                                                                                0x0040d4e6
                                                                                                                                                                                0x0040d4ef
                                                                                                                                                                                0x0040d4f6
                                                                                                                                                                                0x0040d4fd
                                                                                                                                                                                0x0040d4fd
                                                                                                                                                                                0x0040d502
                                                                                                                                                                                0x0040d50e
                                                                                                                                                                                0x0040d511
                                                                                                                                                                                0x0040d511
                                                                                                                                                                                0x0040d525
                                                                                                                                                                                0x0040d534
                                                                                                                                                                                0x0040d53d
                                                                                                                                                                                0x0040d55b
                                                                                                                                                                                0x0040d56d
                                                                                                                                                                                0x0040d576
                                                                                                                                                                                0x0040d57c

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0040D508
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 0040D51F
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0040D52E
                                                                                                                                                                                • ReleaseDC.USER32 ref: 0040D53D
                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0040D552
                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,?), ref: 0040D56D
                                                                                                                                                                                  • Part of subcall function 00417470: __CxxThrowException@8.LIBCMT ref: 00417490
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsDevice$Exception@8ReleaseThrow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3795711691-0
                                                                                                                                                                                • Opcode ID: 474e44d81c33a4c3ad8fcca12360042be9d1a82ca7a81d2fb1257039810e5e3e
                                                                                                                                                                                • Instruction ID: a675958bb8746e427a2099b888aedb08fd49cc9464bf76652de926079c8ca548
                                                                                                                                                                                • Opcode Fuzzy Hash: 474e44d81c33a4c3ad8fcca12360042be9d1a82ca7a81d2fb1257039810e5e3e
                                                                                                                                                                                • Instruction Fuzzy Hash: 99213E75A00208EFEB40DFA0CC49BAEBBB5FB58305F10C169ED15A7290E7749A45DB51
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040D580, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                			E0040D580(int* _a4, intOrPtr* _a8) {
				int _v8;
				struct HDC__* _v12;
				int _v16;
				signed int _v20;
				signed int _v24;
				int _t37;

				do {
					_v20 = 0 | _a4 != 0x00000000;
					if(_v20 == 0) {
						E00417470(0x80004003);
					}
				} while (0 != 0);
				do {
					_v24 = 0 | _a8 != 0x00000000;
					if(_v24 == 0) {
						E00417470(0x80004003);
					}
				} while (0 != 0);
				_v12 = GetDC(0);
				do {
				} while (0 != 0 || 0 != 0);
				_v16 = GetDeviceCaps(_v12, 0x58);
				_v8 = GetDeviceCaps(_v12, 0x5a);
				ReleaseDC(0, _v12);
				 *_a8 = MulDiv(_v16,  *_a4, 0x9ec);
				_t37 = MulDiv(_v8, _a4[1], 0x9ec);
				 *(_a8 + 4) = _t37;
				return _t37;
			}









                                                                                                                                                                                0x0040d586
                                                                                                                                                                                0x0040d58f
                                                                                                                                                                                0x0040d596
                                                                                                                                                                                0x0040d59d
                                                                                                                                                                                0x0040d59d
                                                                                                                                                                                0x0040d5a2
                                                                                                                                                                                0x0040d5a6
                                                                                                                                                                                0x0040d5af
                                                                                                                                                                                0x0040d5b6
                                                                                                                                                                                0x0040d5bd
                                                                                                                                                                                0x0040d5bd
                                                                                                                                                                                0x0040d5c2
                                                                                                                                                                                0x0040d5ce
                                                                                                                                                                                0x0040d5d1
                                                                                                                                                                                0x0040d5d1
                                                                                                                                                                                0x0040d5e5
                                                                                                                                                                                0x0040d5f4
                                                                                                                                                                                0x0040d5fd
                                                                                                                                                                                0x0040d61b
                                                                                                                                                                                0x0040d62d
                                                                                                                                                                                0x0040d636
                                                                                                                                                                                0x0040d63c

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0040D5C8
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 0040D5DF
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0040D5EE
                                                                                                                                                                                • ReleaseDC.USER32 ref: 0040D5FD
                                                                                                                                                                                • MulDiv.KERNEL32(00000000,?,000009EC), ref: 0040D612
                                                                                                                                                                                • MulDiv.KERNEL32(?,?,000009EC), ref: 0040D62D
                                                                                                                                                                                  • Part of subcall function 00417470: __CxxThrowException@8.LIBCMT ref: 00417490
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsDevice$Exception@8ReleaseThrow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3795711691-0
                                                                                                                                                                                • Opcode ID: 926a56defdbf55e2c9f6654e5b0a3c07791f1a973d1cb76345805afdf9828b57
                                                                                                                                                                                • Instruction ID: 7a998df5e12f5b6324f2c60fdb4a6c7c9e544ff4a4d7dd48a3ffa3a8284a9534
                                                                                                                                                                                • Opcode Fuzzy Hash: 926a56defdbf55e2c9f6654e5b0a3c07791f1a973d1cb76345805afdf9828b57
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A213BB5A00209EFEB04DFA0CC45BAEBBB5FB58305F00C569FD15A7280DB788A45DB54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F0440, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 153COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                			E004F0440(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				signed int _t53;
				intOrPtr _t62;
				intOrPtr _t65;
				signed short* _t70;
				intOrPtr _t81;
				void* _t82;
				void* _t123;
				void* _t124;
				signed int _t125;
				void* _t126;
				void* _t127;

				_t124 = __esi;
				_t123 = __edi;
				_t82 = __ebx;
				_push(0xffffffff);
				_push(0x50673f);
				_push( *[fs:0x0]);
				_t127 = _t126 - 0x30;
				_t53 =  *0x561244; // 0x554c9ad9
				_push(_t53 ^ _t125);
				 *[fs:0x0] =  &_v16;
				_v56 = __ecx;
				if(_a8 != 0) {
					_v24 = 0;
					while(1) {
						_v24 = E00405200(_a4 + 4, __eflags, _a8, _v24);
						__eflags = _v24 - 0xffffffff;
						if(_v24 == 0xffffffff) {
							break;
						}
						__eflags = _v24;
						if(_v24 <= 0) {
							L8:
							_v24 = E0044F9A4(_a8) + _v24;
							_t62 = E00451A16(L" :\"",  *(E004051D0(_t82, _a4 + 4, _t123, _t124, _v24)) & 0x0000ffff);
							_t127 = _t127 + 0xc;
							__eflags = _t62;
							if(__eflags != 0) {
								L12:
								_v24 = E00405230(_a4 + 4, __eflags, L" \"", _v24);
								__eflags = _v24 - 0xffffffff;
								if(_v24 == 0xffffffff) {
									L14:
									_t65 = 0;
									L21:
									 *[fs:0x0] = _v16;
									return _t65;
								}
								__eflags = ( *(E004051D0(_t82, _a4 + 4, _t123, _t124, _v24)) & 0x0000ffff) - 0x3a;
								if(__eflags == 0) {
									_v24 = E00405230(_a4 + 4, __eflags, " ", _v24 + 1);
									__eflags = _v24 - 0xffffffff;
									if(_v24 == 0xffffffff) {
										L17:
										_t65 = 0;
										goto L21;
									}
									_t70 = E004051D0(_t82, _a4 + 4, _t123, _t124, _v24);
									__eflags = ( *_t70 & 0x0000ffff) - 0x22;
									if(( *_t70 & 0x0000ffff) == 0x22) {
										_v24 = _v24 + 1;
										_v20 = E004468C0(_a4 + 4, 0x22, _v24);
										__eflags = _v20 - 0xffffffff;
										if(_v20 != 0xffffffff) {
											__eflags = _a4 + 4;
											_v60 = E00405260(_a4 + 4,  &_v52, _v24, _v20 - _v24);
											_v64 = _v60;
											_v8 = 0;
											E00409880(_a12, __eflags, _v64);
											_v8 = 0xffffffff;
											E004178C0( &_v52);
											_t65 = 1;
										} else {
											_t65 = 0;
										}
										goto L21;
									}
									goto L17;
								}
								goto L14;
							}
							L11:
							__eflags = 1;
							if(1 != 0) {
								continue;
							}
							goto L12;
						}
						_t81 = E00451A16(L" {\",",  *(E004051D0(_t82, _a4 + 4, _t123, _t124, _v24 - 1)) & 0x0000ffff);
						_t127 = _t127 + 8;
						__eflags = _t81;
						if(_t81 != 0) {
							goto L8;
						}
						_v24 = _v24 + 1;
						goto L11;
					}
					_t65 = 0;
					goto L21;
				}
				_t65 = 0;
				goto L21;
			}






















                                                                                                                                                                                0x004f0440
                                                                                                                                                                                0x004f0440
                                                                                                                                                                                0x004f0440
                                                                                                                                                                                0x004f0443
                                                                                                                                                                                0x004f0445
                                                                                                                                                                                0x004f0450
                                                                                                                                                                                0x004f0451
                                                                                                                                                                                0x004f0454
                                                                                                                                                                                0x004f045b
                                                                                                                                                                                0x004f045f
                                                                                                                                                                                0x004f0465
                                                                                                                                                                                0x004f046c
                                                                                                                                                                                0x004f0475
                                                                                                                                                                                0x004f047c
                                                                                                                                                                                0x004f048f
                                                                                                                                                                                0x004f0492
                                                                                                                                                                                0x004f0496
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f049f
                                                                                                                                                                                0x004f04a3
                                                                                                                                                                                0x004f04d7
                                                                                                                                                                                0x004f04e6
                                                                                                                                                                                0x004f0501
                                                                                                                                                                                0x004f0506
                                                                                                                                                                                0x004f0509
                                                                                                                                                                                0x004f050b
                                                                                                                                                                                0x004f051e
                                                                                                                                                                                0x004f0532
                                                                                                                                                                                0x004f0535
                                                                                                                                                                                0x004f0539
                                                                                                                                                                                0x004f0552
                                                                                                                                                                                0x004f0552
                                                                                                                                                                                0x004f0602
                                                                                                                                                                                0x004f0605
                                                                                                                                                                                0x004f0610
                                                                                                                                                                                0x004f0610
                                                                                                                                                                                0x004f054d
                                                                                                                                                                                0x004f0550
                                                                                                                                                                                0x004f0570
                                                                                                                                                                                0x004f0573
                                                                                                                                                                                0x004f0577
                                                                                                                                                                                0x004f0590
                                                                                                                                                                                0x004f0590
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0590
                                                                                                                                                                                0x004f0583
                                                                                                                                                                                0x004f058b
                                                                                                                                                                                0x004f058e
                                                                                                                                                                                0x004f059a
                                                                                                                                                                                0x004f05ae
                                                                                                                                                                                0x004f05b1
                                                                                                                                                                                0x004f05b5
                                                                                                                                                                                0x004f05cd
                                                                                                                                                                                0x004f05d5
                                                                                                                                                                                0x004f05db
                                                                                                                                                                                0x004f05de
                                                                                                                                                                                0x004f05ec
                                                                                                                                                                                0x004f05f1
                                                                                                                                                                                0x004f05fb
                                                                                                                                                                                0x004f0600
                                                                                                                                                                                0x004f05b7
                                                                                                                                                                                0x004f05b7
                                                                                                                                                                                0x004f05b7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f05b5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f058e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0550
                                                                                                                                                                                0x004f0511
                                                                                                                                                                                0x004f0516
                                                                                                                                                                                0x004f0518
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0518
                                                                                                                                                                                0x004f04c0
                                                                                                                                                                                0x004f04c5
                                                                                                                                                                                0x004f04c8
                                                                                                                                                                                0x004f04ca
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f04d2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f04d2
                                                                                                                                                                                0x004f0498
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0498
                                                                                                                                                                                0x004f046e
                                                                                                                                                                                0x00000000

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: :"$ {",
                                                                                                                                                                                • API String ID: 0-2208196758
                                                                                                                                                                                • Opcode ID: f031f3fa4ac938f2b817baabfdce8d8ae56471382f4ec89a465f4afe541d00d3
                                                                                                                                                                                • Instruction ID: 4a0d8f4aa3ebc0104b72774a5acafe2e7dd2801f8f0091a06b8487880b9cf539
                                                                                                                                                                                • Opcode Fuzzy Hash: f031f3fa4ac938f2b817baabfdce8d8ae56471382f4ec89a465f4afe541d00d3
                                                                                                                                                                                • Instruction Fuzzy Hash: D551307190010DAFDB04DF98C955BBF7775EF84318F20422EE616BB382D6789A05CB6A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00405E90, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 147COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                			E00405E90(struct HWND__* _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				intOrPtr _v44;
				char _v48;
				intOrPtr* _v56;
				void* __ecx;
				signed int _t62;
				intOrPtr _t83;
				void* _t86;
				intOrPtr* _t95;
				signed int _t133;
				void* _t134;

				_push(0xffffffff);
				_push(0x518428);
				_push( *[fs:0x0]);
				_push(_t95);
				_t62 =  *0x561244; // 0x554c9ad9
				_push(_t62 ^ _t133);
				 *[fs:0x0] =  &_v16;
				_v20 = _t134 - 0x24;
				_v56 = _t95;
				_v24 = 0xffffffff;
				_v8 = 0;
				if( *((intOrPtr*)(_v56 + 0xa4)) == 0) {
					if(IsWindow(_a4) != 0) {
						 *((intOrPtr*)(_v56 + 0x84)) = _a4;
						_v24 = 1;
						_v28 =  *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x70))))(_v56, _v56 + 0xc8);
						if(_v28 == 0) {
							_v24 = 3;
							E00414C90();
							_v8 = 1;
							 *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x6c))))(_v56,  &_v36);
							_v28 = E00409BF0(_a4, 0xffffffff,  &_v32, E0041D530(_v56 + 0xc8), _v36, 0);
							if(_v28 == 0) {
								_v24 = 5;
								_v28 = E00401580(E0041D530( &_v32), _a8);
								if(_v28 != 0) {
									_t86 =  *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x60))))(_v56, 5, L"Webb::failed to start sink");
									_push(_v28);
									_push(L"Webb::failed to start sink(%x)");
									E004CC5C0(_t86);
								}
								 *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x74))))(_v56, E0041D530( &_v32));
								_v48 = 0;
								_v8 = 0;
								E0040D320();
								_t83 = _v48;
							} else {
								 *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x60))))(_v56, 4, L"Webb:: create inner control failed");
								_push(_v28);
								_push(L"Webb:: create inner control faile (%x)");
								E004CC5C0(_v28);
								_v44 = _v28;
								_v8 = 0;
								E0040D320();
								_t83 = _v44;
							}
						} else {
							_t83 = _v28;
						}
					} else {
						_t83 = 0x80070057;
					}
				} else {
					_t83 = 0x80004004;
				}
				 *[fs:0x0] = _v16;
				return _t83;
			}




















                                                                                                                                                                                0x00405e93
                                                                                                                                                                                0x00405e95
                                                                                                                                                                                0x00405ea0
                                                                                                                                                                                0x00405ea1
                                                                                                                                                                                0x00405ea8
                                                                                                                                                                                0x00405eaf
                                                                                                                                                                                0x00405eb3
                                                                                                                                                                                0x00405eb9
                                                                                                                                                                                0x00405ebc
                                                                                                                                                                                0x00405ebf
                                                                                                                                                                                0x00405ec6
                                                                                                                                                                                0x00405ed7
                                                                                                                                                                                0x00405eef
                                                                                                                                                                                0x00405f01
                                                                                                                                                                                0x00405f07
                                                                                                                                                                                0x00405f26
                                                                                                                                                                                0x00405f2d
                                                                                                                                                                                0x00405f37
                                                                                                                                                                                0x00405f41
                                                                                                                                                                                0x00405f46
                                                                                                                                                                                0x00405f5a
                                                                                                                                                                                0x00405f83
                                                                                                                                                                                0x00405f8a
                                                                                                                                                                                0x00405fcc
                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                0x00405fef
                                                                                                                                                                                0x00406004
                                                                                                                                                                                0x00406009
                                                                                                                                                                                0x0040600a
                                                                                                                                                                                0x0040600f
                                                                                                                                                                                0x00406014
                                                                                                                                                                                0x0040602c
                                                                                                                                                                                0x0040602e
                                                                                                                                                                                0x00406035
                                                                                                                                                                                0x0040603c
                                                                                                                                                                                0x00406041
                                                                                                                                                                                0x00405f8c
                                                                                                                                                                                0x00405f9f
                                                                                                                                                                                0x00405fa4
                                                                                                                                                                                0x00405fa5
                                                                                                                                                                                0x00405faa
                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                0x00405fb8
                                                                                                                                                                                0x00405fbf
                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                0x00405f2f
                                                                                                                                                                                0x00405f2f
                                                                                                                                                                                0x00405f2f
                                                                                                                                                                                0x00405ef1
                                                                                                                                                                                0x00405ef1
                                                                                                                                                                                0x00405ef1
                                                                                                                                                                                0x00405ed9
                                                                                                                                                                                0x00405ed9
                                                                                                                                                                                0x00405ed9
                                                                                                                                                                                0x0040608e
                                                                                                                                                                                0x0040609c

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • Webb:: create inner control faile (%x), xrefs: 00405FA5
                                                                                                                                                                                • Webb::failed to start sink, xrefs: 00405FF1
                                                                                                                                                                                • Webb:: create inner control failed, xrefs: 00405F8C
                                                                                                                                                                                • Webb::failed to start sink(%x), xrefs: 0040600A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window
                                                                                                                                                                                • String ID: Webb:: create inner control faile (%x)$Webb:: create inner control failed$Webb::failed to start sink$Webb::failed to start sink(%x)
                                                                                                                                                                                • API String ID: 2353593579-1275530296
                                                                                                                                                                                • Opcode ID: 474e3da82e0cc466d048fbfad2a84c99366ed9459d03b0eb0226204c4c524e49
                                                                                                                                                                                • Instruction ID: 0902af705790d79e5c6307455ef4b9087a03f906983d013e0f34a35d235ffbcd
                                                                                                                                                                                • Opcode Fuzzy Hash: 474e3da82e0cc466d048fbfad2a84c99366ed9459d03b0eb0226204c4c524e49
                                                                                                                                                                                • Instruction Fuzzy Hash: AC513A71A01509AFDB04EF98D981FEEBBB5FF48304F204169F506A7290D738AE45CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F3180, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E004F3180(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __fp0, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v52;
				signed int _v64;
				signed int _v72;
				char _v73;
				char _v108;
				char _v109;
				intOrPtr _v116;
				signed int _v120;
				char _v152;
				char _v153;
				char _v200;
				intOrPtr _v204;
				intOrPtr* _v208;
				signed int _v212;
				signed int _v216;
				signed int _t62;
				signed int _t63;
				signed char _t69;
				signed int _t70;
				intOrPtr _t84;
				void* _t101;
				void* _t138;
				void* _t139;
				signed int _t140;
				void* _t147;

				_t147 = __fp0;
				_t139 = __esi;
				_t138 = __edi;
				_t101 = __ebx;
				_push(0xffffffff);
				_push(0x50f734);
				_push( *[fs:0x0]);
				_t62 =  *0x561244; // 0x554c9ad9
				_t63 = _t62 ^ _t140;
				_v20 = _t63;
				_push(_t63);
				 *[fs:0x0] =  &_v16;
				_v208 = __ecx;
				E004175C0(E00434050( &_v73));
				_v8 = 0;
				_t144 = _a12;
				if(_a12 == 0) {
					E00416600( &_v52,  &_v52, L"{offline:\"%d\"}", _a8);
				} else {
					E00417910(_a12, E00434050( &_v109));
					_v8 = 1;
					E004181D0( &_v52,  &_v108);
					_v8 = 0;
					E004176E0();
					__imp__#6(_a12);
				}
				_t69 = E004F2770(_t101, _v208, _t138, _t139, _t144, _t147);
				_t135 = _t69 & 0x000000ff;
				if((_t69 & 0x000000ff) != 0) {
					_t70 = E004F2350(_v208);
					__eflags = _t70;
					if(_t70 < 0) {
						E004F2370(_t101, _v208, _t138, _t139);
					}
					E00417910(L"ML", E00434050( &_v153));
					_v8 = 2;
					_v212 = E00501530(E00501CE0(), __eflags,  &_v200,  &_v152);
					_t135 = _v212;
					_v216 = _v212;
					_v8 = 3;
					_v120 = E00404760(_v216, 0);
					_v8 = 2;
					E004224B0();
					_v8 = 0;
					E004176E0();
					__eflags = _v120;
					if(_v120 != 0) {
						E00416A10( &_v72);
						_v8 = 4;
						 *((intOrPtr*)( *((intOrPtr*)( *_v208 + 0x80))))(_v208, L"getMail", 0, 0,  &_v72);
						_t135 = _v72 & 0x0000ffff;
						__eflags = (_v72 & 0x0000ffff) - 8;
						if((_v72 & 0x0000ffff) == 8) {
							__eflags =  *_v64 & 0x0000ffff;
							if(( *_v64 & 0x0000ffff) != 0) {
								_t135 = _v64;
								E004048A0(E00404820(), _v64);
							}
						}
						_v8 = 0;
						E00417430( &_v72);
					}
					E004E6990(E004049B0());
					E004F30E0(_t101, _v208, _t138, _t139, __eflags, _t147,  &_v52);
					_v204 = 0;
					_v8 = 0xffffffff;
					E004176E0();
					_t84 = _v204;
				} else {
					_v116 = 0;
					_v8 = 0xffffffff;
					E004176E0();
					_t84 = _v116;
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t84, _t101, _v20 ^ _t140, _t135, _t138, _t139);
			}































                                                                                                                                                                                0x004f3180
                                                                                                                                                                                0x004f3180
                                                                                                                                                                                0x004f3180
                                                                                                                                                                                0x004f3180
                                                                                                                                                                                0x004f3183
                                                                                                                                                                                0x004f3185
                                                                                                                                                                                0x004f3190
                                                                                                                                                                                0x004f3197
                                                                                                                                                                                0x004f319c
                                                                                                                                                                                0x004f319e
                                                                                                                                                                                0x004f31a1
                                                                                                                                                                                0x004f31a5
                                                                                                                                                                                0x004f31ab
                                                                                                                                                                                0x004f31bd
                                                                                                                                                                                0x004f31c2
                                                                                                                                                                                0x004f31c9
                                                                                                                                                                                0x004f31cd
                                                                                                                                                                                0x004f3219
                                                                                                                                                                                0x004f31cf
                                                                                                                                                                                0x004f31df
                                                                                                                                                                                0x004f31e4
                                                                                                                                                                                0x004f31ef
                                                                                                                                                                                0x004f31f4
                                                                                                                                                                                0x004f31fb
                                                                                                                                                                                0x004f3204
                                                                                                                                                                                0x004f3204
                                                                                                                                                                                0x004f3227
                                                                                                                                                                                0x004f322c
                                                                                                                                                                                0x004f3231
                                                                                                                                                                                0x004f3257
                                                                                                                                                                                0x004f325c
                                                                                                                                                                                0x004f325e
                                                                                                                                                                                0x004f3266
                                                                                                                                                                                0x004f3266
                                                                                                                                                                                0x004f3282
                                                                                                                                                                                0x004f3287
                                                                                                                                                                                0x004f32a5
                                                                                                                                                                                0x004f32ab
                                                                                                                                                                                0x004f32b1
                                                                                                                                                                                0x004f32b7
                                                                                                                                                                                0x004f32c8
                                                                                                                                                                                0x004f32cb
                                                                                                                                                                                0x004f32d5
                                                                                                                                                                                0x004f32da
                                                                                                                                                                                0x004f32e4
                                                                                                                                                                                0x004f32e9
                                                                                                                                                                                0x004f32ed
                                                                                                                                                                                0x004f32f2
                                                                                                                                                                                0x004f32f7
                                                                                                                                                                                0x004f331d
                                                                                                                                                                                0x004f331f
                                                                                                                                                                                0x004f3323
                                                                                                                                                                                0x004f3326
                                                                                                                                                                                0x004f332e
                                                                                                                                                                                0x004f3330
                                                                                                                                                                                0x004f3332
                                                                                                                                                                                0x004f333d
                                                                                                                                                                                0x004f333d
                                                                                                                                                                                0x004f3330
                                                                                                                                                                                0x004f3342
                                                                                                                                                                                0x004f3349
                                                                                                                                                                                0x004f3349
                                                                                                                                                                                0x004f3355
                                                                                                                                                                                0x004f3364
                                                                                                                                                                                0x004f3369
                                                                                                                                                                                0x004f3373
                                                                                                                                                                                0x004f337d
                                                                                                                                                                                0x004f3382
                                                                                                                                                                                0x004f3233
                                                                                                                                                                                0x004f3233
                                                                                                                                                                                0x004f323a
                                                                                                                                                                                0x004f3244
                                                                                                                                                                                0x004f3249
                                                                                                                                                                                0x004f3249
                                                                                                                                                                                0x004f338b
                                                                                                                                                                                0x004f33a0

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize$FreeString
                                                                                                                                                                                • String ID: getMail${offline:"%d"}
                                                                                                                                                                                • API String ID: 4250984490-2278394474
                                                                                                                                                                                • Opcode ID: 5e74d79fdfc40212d5f5d3f873d386a7eb18e496a75b139066487c0d36d4500e
                                                                                                                                                                                • Instruction ID: 0b00b0d10cad26ea970f4bd532ae3d9bcf03c87f8020568c9a7219c3257146db
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e74d79fdfc40212d5f5d3f873d386a7eb18e496a75b139066487c0d36d4500e
                                                                                                                                                                                • Instruction Fuzzy Hash: 7E515A709012189BDB18EFA5DD51FEEB7B4BF50304F1041AEE509A72D1DB786E44CBA8
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F0CB0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                			E004F0CB0(void* __ebx, struct HWND__* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				long _v8;
				char _v16;
				char _v20;
				char _v52;
				char _v53;
				char _v88;
				char _v89;
				struct HWND__* _v96;
				intOrPtr _v100;
				signed int _t32;
				int _t36;
				signed int _t54;

				_push(0xffffffff);
				_push(0x507d0c);
				_push( *[fs:0x0]);
				_t32 =  *0x561244; // 0x554c9ad9
				_push(_t32 ^ _t54);
				 *[fs:0x0] =  &_v16;
				_v96 = __ecx;
				_v100 = _a4;
				_v100 = _v100 + 4;
				if(_v100 > 0x68) {
					L6:
					_t36 = 0;
				} else {
					_t9 = _v100 + 0x4f0e10; // 0xcccccc03
					switch( *((intOrPtr*)(( *_t9 & 0x000000ff) * 4 +  &M004F0DFC))) {
						case 0:
							__ecx =  &_v89;
							__eax = E00434050( &_v89);
							__ecx =  &_v88;
							__eax = E00417910(L"SILENT", __eax);
							_v8 = 1;
							__edx =  &_v88;
							__ecx = 0x5bde88;
							__eax = E004181D0(0x5bde88,  &_v88);
							_v8 = 0xffffffff;
							__ecx =  &_v88;
							__eax = E004176E0();
							__eax =  *0x5bdd34; // 0x18021a
							__eax = PostMessageW(__eax, 0x402, 1, 0);
							goto L7;
						case 1:
							__ecx = _v96;
							__edx =  *((intOrPtr*)(__ecx + 0x12c));
							__edx =  *((intOrPtr*)(__ecx + 0x12c)) - 1;
							__ecx = _v96;
							__eax = E004F0B90(__ebx, _v96, __edx, __edi, __esi, __edx);
							goto L7;
						case 2:
							E004161E0(E00416210(_v96 + 0x84,  &_v20), 0x10, _a4, 0);
							goto L7;
						case 3:
							__ecx =  &_v53;
							__eax = E00434050( &_v53);
							__ecx =  &_v52;
							__eax = E00417910(L"DONE", __eax);
							_v8 = 0;
							__eax =  &_v52;
							__ecx = 0x5bde88;
							__eax = E004181D0(0x5bde88,  &_v52);
							_v8 = 0xffffffff;
							__ecx =  &_v52;
							__eax = E004176E0();
							__ecx =  *0x5bdd34; // 0x18021a
							__eax = PostMessageW(__ecx, 0x406, 1, 0);
							L7:
							_t36 = 1;
							goto L8;
						case 4:
							goto L6;
					}
				}
				L8:
				 *[fs:0x0] = _v16;
				return _t36;
			}















                                                                                                                                                                                0x004f0cb3
                                                                                                                                                                                0x004f0cb5
                                                                                                                                                                                0x004f0cc0
                                                                                                                                                                                0x004f0cc4
                                                                                                                                                                                0x004f0ccb
                                                                                                                                                                                0x004f0ccf
                                                                                                                                                                                0x004f0cd5
                                                                                                                                                                                0x004f0cdb
                                                                                                                                                                                0x004f0ce4
                                                                                                                                                                                0x004f0ceb
                                                                                                                                                                                0x004f0de2
                                                                                                                                                                                0x004f0de2
                                                                                                                                                                                0x004f0cf1
                                                                                                                                                                                0x004f0cf4
                                                                                                                                                                                0x004f0cfb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0d7a
                                                                                                                                                                                0x004f0d7d
                                                                                                                                                                                0x004f0d88
                                                                                                                                                                                0x004f0d8b
                                                                                                                                                                                0x004f0d90
                                                                                                                                                                                0x004f0d97
                                                                                                                                                                                0x004f0d9b
                                                                                                                                                                                0x004f0da0
                                                                                                                                                                                0x004f0da5
                                                                                                                                                                                0x004f0dac
                                                                                                                                                                                0x004f0daf
                                                                                                                                                                                0x004f0dbd
                                                                                                                                                                                0x004f0dc3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0dcb
                                                                                                                                                                                0x004f0dce
                                                                                                                                                                                0x004f0dd4
                                                                                                                                                                                0x004f0dd8
                                                                                                                                                                                0x004f0ddb
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0d1e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0d28
                                                                                                                                                                                0x004f0d2b
                                                                                                                                                                                0x004f0d36
                                                                                                                                                                                0x004f0d39
                                                                                                                                                                                0x004f0d3e
                                                                                                                                                                                0x004f0d45
                                                                                                                                                                                0x004f0d49
                                                                                                                                                                                0x004f0d4e
                                                                                                                                                                                0x004f0d53
                                                                                                                                                                                0x004f0d5a
                                                                                                                                                                                0x004f0d5d
                                                                                                                                                                                0x004f0d6b
                                                                                                                                                                                0x004f0d72
                                                                                                                                                                                0x004f0de6
                                                                                                                                                                                0x004f0de6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f0cfb
                                                                                                                                                                                0x004f0de8
                                                                                                                                                                                0x004f0deb
                                                                                                                                                                                0x004f0df6

                                                                                                                                                                                APIs
                                                                                                                                                                                • PostMessageW.USER32(0018021A,00000406,00000001,00000000), ref: 004F0D72
                                                                                                                                                                                • PostMessageW.USER32(0018021A,00000402,00000001,00000000), ref: 004F0DC3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                • String ID: DONE$SILENT$h
                                                                                                                                                                                • API String ID: 410705778-1397473427
                                                                                                                                                                                • Opcode ID: 8d4f9975a7b44c736fe4ec049f807e9cdb6213517cc6fa0f32f9354bf111f3fb
                                                                                                                                                                                • Instruction ID: b521facae403294bf25b0b7f8936e62260cfcf800c29164a3d36239f9ae750ec
                                                                                                                                                                                • Opcode Fuzzy Hash: 8d4f9975a7b44c736fe4ec049f807e9cdb6213517cc6fa0f32f9354bf111f3fb
                                                                                                                                                                                • Instruction Fuzzy Hash: AF318C70A14208ABDB08DFD4DC56BEEB775FB84710F10862EE6126B2C2DB796905CB58
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004CAE60, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                			E004CAE60(void* __ebx, struct HINSTANCE__** __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8) {
				int _v8;
				signed int _v12;
				short _v44;
				int _v48;
				struct HINSTANCE__** _v52;
				signed int _t15;
				void* _t18;
				void* _t29;
				void* _t43;
				void* _t44;
				signed int _t45;

				_t44 = __esi;
				_t43 = __edi;
				_t29 = __ebx;
				_t15 =  *0x561244; // 0x554c9ad9
				_v12 = _t15 ^ _t45;
				_v52 = __ecx;
				if(E00430C20(_v52) == 0) {
					_t18 = 0;
				} else {
					wsprintfW( &_v44, L"icon%d", _a4);
					asm("sbb edx, edx");
					_v48 = GetSystemMetrics(( ~_a8 & 0xffffffda) + 0x31);
					asm("sbb eax, eax");
					_v8 = GetSystemMetrics(( ~_a8 & 0xffffffda) + 0x32);
					_t37 =  *_v52;
					_t18 = LoadImageW( *_v52,  &_v44, 1, _v48, _v8, 0);
				}
				return E0044F6C8(_t18, _t29, _v12 ^ _t45, _t37, _t43, _t44);
			}














                                                                                                                                                                                0x004cae60
                                                                                                                                                                                0x004cae60
                                                                                                                                                                                0x004cae60
                                                                                                                                                                                0x004cae66
                                                                                                                                                                                0x004cae6d
                                                                                                                                                                                0x004cae70
                                                                                                                                                                                0x004cae7d
                                                                                                                                                                                0x004caee3
                                                                                                                                                                                0x004cae7f
                                                                                                                                                                                0x004cae8c
                                                                                                                                                                                0x004cae9a
                                                                                                                                                                                0x004caea9
                                                                                                                                                                                0x004caeb1
                                                                                                                                                                                0x004caec0
                                                                                                                                                                                0x004caed6
                                                                                                                                                                                0x004caed9
                                                                                                                                                                                0x004caed9
                                                                                                                                                                                0x004caef2

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MetricsSystem$ImageLoadwsprintf
                                                                                                                                                                                • String ID: icon%d
                                                                                                                                                                                • API String ID: 3909377768-3280701045
                                                                                                                                                                                • Opcode ID: 2d9cc9c1688a22febf2ed6e05615a5419e729802003467ace3d98fd594a0b198
                                                                                                                                                                                • Instruction ID: de662ed2c80c83afdf942a6c1c8f2b8e47cdcb8d8a5d1dcf82a73053b9f924e1
                                                                                                                                                                                • Opcode Fuzzy Hash: 2d9cc9c1688a22febf2ed6e05615a5419e729802003467ace3d98fd594a0b198
                                                                                                                                                                                • Instruction Fuzzy Hash: 29115E75A10108AFDB44DFB8DC81EEEB7BAEB99710F00C629F815D7290E7349904DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004CC800, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E004CC800(void* __ebx, void* __edi, void* __esi) {

				if(( *0x5c1ed0 & 0x0000ffff) == 0) {
					if(E004C5660(0xf, 0) != 1) {
						E004F8180(__ebx, 0x5be0a0, __edi, __esi, 0x5c1ed0, 0x1b, L"BabylonData.html");
						if(( *0x5c1ed0 & 0x0000ffff) == 0) {
							E0045184A(0x5c1ed0, L"c:\\temp\\BabylonData.html");
						}
					} else {
						E0045184A(0x5c1ed0, L"www.babylon.com/ClientData.html");
					}
				}
				return 0x5c1ed0;
			}



                                                                                                                                                                                0x004cc80c
                                                                                                                                                                                0x004cc81d
                                                                                                                                                                                0x004cc844
                                                                                                                                                                                0x004cc852
                                                                                                                                                                                0x004cc85e
                                                                                                                                                                                0x004cc863
                                                                                                                                                                                0x004cc81f
                                                                                                                                                                                0x004cc829
                                                                                                                                                                                0x004cc82e
                                                                                                                                                                                0x004cc81d
                                                                                                                                                                                0x004cc86c

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • www.babylon.com/ClientData.html, xrefs: 004CC81F
                                                                                                                                                                                • BabylonData.html, xrefs: 004CC833
                                                                                                                                                                                • c:\temp\BabylonData.html, xrefs: 004CC854
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcscpy
                                                                                                                                                                                • String ID: BabylonData.html$c:\temp\BabylonData.html$www.babylon.com/ClientData.html
                                                                                                                                                                                • API String ID: 3048848545-2817021312
                                                                                                                                                                                • Opcode ID: 302cb4f288442af32d7dc266d49bd033a5520ec215228117e118cdd053b920fb
                                                                                                                                                                                • Instruction ID: 680570e49307a0ca327cc94fd27d678254eafae66515bd49608ecbf4d387509a
                                                                                                                                                                                • Opcode Fuzzy Hash: 302cb4f288442af32d7dc266d49bd033a5520ec215228117e118cdd053b920fb
                                                                                                                                                                                • Instruction Fuzzy Hash: 16E01C74B8170865D66436832C43F262D492721FCAF08043EF90AA82C3E9DDD644116E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0045A8FF, Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                			E0045A8FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x544558);
				E00456860(__ebx, __edi, __esi);
				_t31 = E00457400(__ebx, __edx, __edi, _t35);
				_t15 =  *0x56195c; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00457DFC(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x561860; // 0x7d1668
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x561438;
								if(__eflags != 0) {
									_push(_t33);
									E0044FAFC(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x561860; // 0x7d1668
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x561860; // 0x7d1668
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E0045A99A();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E00457948(_t29, _t31, 0x20);
				}
				return E004568A5(_t33);
			}










                                                                                                                                                                                0x0045a8ff
                                                                                                                                                                                0x0045a8ff
                                                                                                                                                                                0x0045a8ff
                                                                                                                                                                                0x0045a8ff
                                                                                                                                                                                0x0045a901
                                                                                                                                                                                0x0045a906
                                                                                                                                                                                0x0045a910
                                                                                                                                                                                0x0045a912
                                                                                                                                                                                0x0045a91a
                                                                                                                                                                                0x0045a93b
                                                                                                                                                                                0x0045a941
                                                                                                                                                                                0x0045a945
                                                                                                                                                                                0x0045a948
                                                                                                                                                                                0x0045a94b
                                                                                                                                                                                0x0045a951
                                                                                                                                                                                0x0045a953
                                                                                                                                                                                0x0045a955
                                                                                                                                                                                0x0045a958
                                                                                                                                                                                0x0045a95e
                                                                                                                                                                                0x0045a960
                                                                                                                                                                                0x0045a962
                                                                                                                                                                                0x0045a968
                                                                                                                                                                                0x0045a96a
                                                                                                                                                                                0x0045a96b
                                                                                                                                                                                0x0045a970
                                                                                                                                                                                0x0045a968
                                                                                                                                                                                0x0045a960
                                                                                                                                                                                0x0045a971
                                                                                                                                                                                0x0045a976
                                                                                                                                                                                0x0045a979
                                                                                                                                                                                0x0045a97f
                                                                                                                                                                                0x0045a983
                                                                                                                                                                                0x0045a983
                                                                                                                                                                                0x0045a989
                                                                                                                                                                                0x0045a990
                                                                                                                                                                                0x0045a922
                                                                                                                                                                                0x0045a922
                                                                                                                                                                                0x0045a922
                                                                                                                                                                                0x0045a927
                                                                                                                                                                                0x0045a92b
                                                                                                                                                                                0x0045a930
                                                                                                                                                                                0x0045a938

                                                                                                                                                                                APIs
                                                                                                                                                                                • __getptd.LIBCMT ref: 0045A90B
                                                                                                                                                                                  • Part of subcall function 00457400: __getptd_noexit.LIBCMT ref: 00457403
                                                                                                                                                                                  • Part of subcall function 00457400: __amsg_exit.LIBCMT ref: 00457410
                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 0045A92B
                                                                                                                                                                                • __lock.LIBCMT ref: 0045A93B
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 0045A958
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(007D1668), ref: 0045A983
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4271482742-0
                                                                                                                                                                                • Opcode ID: e37120ae664283ea350632c9a41c2ae7b57840983f05399925188644f34e3bfb
                                                                                                                                                                                • Instruction ID: 4086997c604cd4e60cdccecd4fb249213bd39f50572aee95531a34e2fe0cb1c3
                                                                                                                                                                                • Opcode Fuzzy Hash: e37120ae664283ea350632c9a41c2ae7b57840983f05399925188644f34e3bfb
                                                                                                                                                                                • Instruction Fuzzy Hash: 76010871901B25DBDB11AB2A940136E77A0BF00716F16061BEC00A7362C77C586DDBDF
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0048C630, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 148COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E0048C630(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v16;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				WCHAR* _v56;
				signed int _v60;
				signed int _v61;
				char _v96;
				char _v124;
				char _v128;
				char _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				signed int _t58;
				void* _t63;
				void* _t64;
				signed int _t70;
				signed int _t81;
				void* _t89;
				signed int _t140;
				void* _t141;
				void* _t143;
				void* _t145;

				_t139 = __esi;
				_t138 = __edi;
				_t96 = __ebx;
				_push(0xffffffff);
				_push(0x50d1f3);
				_push( *[fs:0x0]);
				_t58 =  *0x561244; // 0x554c9ad9
				_push(_t58 ^ _t140);
				 *[fs:0x0] =  &_v16;
				E00405140(_a4 + 4);
				_t63 = E0048BD40(__ebx, __edi, __esi, __eflags, _a4);
				_t143 = _t141 - 0x7c + 4;
				if(_t63 == 0) {
					L16:
					__eflags = _a4 + 4;
					_t64 = E0042E0C0(_a4 + 4);
					 *[fs:0x0] = _v16;
					return _t64;
				}
				E0041F190( &_v28);
				_v8 = 0;
				if(_a4 == 0) {
					_v132 = 0;
				} else {
					_v132 = _a4 + 4;
				}
				_v136 = E004098D0( &_v124, _v132, "*");
				_v140 = _v136;
				_v8 = 1;
				E00409810(_v140);
				_v8 = 2;
				_t70 = E0049F0E0(_t96, _t138, _t139,  &_v96,  &_v28);
				_t145 = _t143 + 0x14;
				_v61 = _t70;
				_v8 = 1;
				E004176E0();
				_v8 = 0;
				E004178C0( &_v124);
				_t149 = _v61 & 0x000000ff;
				if((_v61 & 0x000000ff) == 0) {
					L15:
					_v8 = 0xffffffff;
					E0041F210();
					goto L16;
				} else {
					_v36 = 0;
					E0041F270( &_v28,  &_v40);
					while((E00434020( &_v40, _t149, E00407DE0( &_v28,  &_v128)) & 0x000000ff) != 0) {
						_t81 = GetFileAttributesW(E00416A30(E00422A60( &_v40) + 4));
						_t149 = _t81 & 0x00000010;
						if((_t81 & 0x00000010) != 0) {
							_v56 = PathFindFileNameW(E00416A30(E00422A60( &_v40) + 4));
							_push( &_v44);
							_push( &_v60);
							_push( &_v48);
							_t89 = E00452133(_v56, L"%d.%d.%d.%d",  &_v52);
							_t145 = _t145 + 0x18;
							__eflags = _t89 - 4;
							if(__eflags == 0) {
								_v32 = _v60 * 0x3e8 + _v44 + _v48 * 0xf4240 + _v52 * 0x5f5e100;
								__eflags = _v32 - _v36;
								if(__eflags > 0) {
									E004181D0(_a4, E00433FA0( &_v40));
									_v36 = _v32;
								}
							}
						}
						E00422A80( &_v40);
					}
					goto L15;
				}
			}































                                                                                                                                                                                0x0048c630
                                                                                                                                                                                0x0048c630
                                                                                                                                                                                0x0048c630
                                                                                                                                                                                0x0048c633
                                                                                                                                                                                0x0048c635
                                                                                                                                                                                0x0048c640
                                                                                                                                                                                0x0048c644
                                                                                                                                                                                0x0048c64b
                                                                                                                                                                                0x0048c64f
                                                                                                                                                                                0x0048c65b
                                                                                                                                                                                0x0048c664
                                                                                                                                                                                0x0048c669
                                                                                                                                                                                0x0048c66e
                                                                                                                                                                                0x0048c80c
                                                                                                                                                                                0x0048c80f
                                                                                                                                                                                0x0048c812
                                                                                                                                                                                0x0048c81a
                                                                                                                                                                                0x0048c825
                                                                                                                                                                                0x0048c825
                                                                                                                                                                                0x0048c677
                                                                                                                                                                                0x0048c67c
                                                                                                                                                                                0x0048c687
                                                                                                                                                                                0x0048c694
                                                                                                                                                                                0x0048c689
                                                                                                                                                                                0x0048c68f
                                                                                                                                                                                0x0048c68f
                                                                                                                                                                                0x0048c6b0
                                                                                                                                                                                0x0048c6bc
                                                                                                                                                                                0x0048c6c2
                                                                                                                                                                                0x0048c6d0
                                                                                                                                                                                0x0048c6d5
                                                                                                                                                                                0x0048c6e1
                                                                                                                                                                                0x0048c6e6
                                                                                                                                                                                0x0048c6e9
                                                                                                                                                                                0x0048c6ec
                                                                                                                                                                                0x0048c6f3
                                                                                                                                                                                0x0048c6f8
                                                                                                                                                                                0x0048c6ff
                                                                                                                                                                                0x0048c708
                                                                                                                                                                                0x0048c70a
                                                                                                                                                                                0x0048c7fd
                                                                                                                                                                                0x0048c7fd
                                                                                                                                                                                0x0048c807
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0048c710
                                                                                                                                                                                0x0048c710
                                                                                                                                                                                0x0048c71e
                                                                                                                                                                                0x0048c72d
                                                                                                                                                                                0x0048c760
                                                                                                                                                                                0x0048c766
                                                                                                                                                                                0x0048c769
                                                                                                                                                                                0x0048c786
                                                                                                                                                                                0x0048c78c
                                                                                                                                                                                0x0048c790
                                                                                                                                                                                0x0048c794
                                                                                                                                                                                0x0048c7a2
                                                                                                                                                                                0x0048c7a7
                                                                                                                                                                                0x0048c7aa
                                                                                                                                                                                0x0048c7ad
                                                                                                                                                                                0x0048c7d6
                                                                                                                                                                                0x0048c7dc
                                                                                                                                                                                0x0048c7df
                                                                                                                                                                                0x0048c7ed
                                                                                                                                                                                0x0048c7f5
                                                                                                                                                                                0x0048c7f5
                                                                                                                                                                                0x0048c7f8
                                                                                                                                                                                0x0048c7ad
                                                                                                                                                                                0x0048c728
                                                                                                                                                                                0x0048c728
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0048c72d

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 0048C760
                                                                                                                                                                                • PathFindFileNameW.SHLWAPI(00000000,?,?), ref: 0048C780
                                                                                                                                                                                • _swscanf.LIBCMT ref: 0048C7A2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$AttributesFindNamePath_swscanf
                                                                                                                                                                                • String ID: %d.%d.%d.%d
                                                                                                                                                                                • API String ID: 1908479623-3491811756
                                                                                                                                                                                • Opcode ID: 8932ded887eb2b4b223cab6eba58815bd3312de74124931d4ed4414a21fa40dc
                                                                                                                                                                                • Instruction ID: d6455b66e45acc822c30ab2818c2ba454160a257f257a69446c1519ea5a7681a
                                                                                                                                                                                • Opcode Fuzzy Hash: 8932ded887eb2b4b223cab6eba58815bd3312de74124931d4ed4414a21fa40dc
                                                                                                                                                                                • Instruction Fuzzy Hash: AC518371D001089BDF04EFA5D991BEEBBB5EF54304F14856EE502B7281EB38AA45CB68
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0042F090, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 133COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E0042F090(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, unsigned int _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v16;
				char _v20;
				unsigned int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				unsigned int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				void* _v76;
				signed int _t68;
				signed int _t69;
				void* _t74;
				void* _t89;
				intOrPtr _t94;
				intOrPtr _t101;
				intOrPtr _t133;
				signed int _t135;
				void* _t136;
				void* _t137;
				intOrPtr _t138;
				intOrPtr _t140;

				_t134 = __esi;
				_t133 = __edi;
				_t101 = __ebx;
				_push(0xffffffff);
				_push(0x516c98);
				_push( *[fs:0x0]);
				_t137 = _t136 - 0x38;
				_t68 =  *0x561244; // 0x554c9ad9
				_t69 = _t68 ^ _t135;
				_v40 = _t69;
				_push(_t69);
				 *[fs:0x0] =  &_v16;
				_v48 = __ecx;
				_v32 = E00417320();
				E00413100( &_v20);
				_v8 = 0;
				if(_a8 != 0xfde9) {
					_v36 = _a4;
					__eflags = _v36;
					if(__eflags != 0) {
						_t74 = E00451E10(_v36);
						_t138 = _t137 + 4;
						_v24 = _t74 + 1;
						_t41 =  &_v24; // 0x43573f
						__eflags =  *_t41 << 1 - 0x10000;
						if( *_t41 << 1 <= 0x10000) {
							_t45 =  &_v24; // 0x43573f
							__eflags =  *_t45 << 1;
							E00462F60( *_t45 << 1);
							_v72 = _t138;
							_v68 = _v72;
						} else {
							_t42 =  &_v24; // 0x43573f
							_v68 = E0041BA30( &_v20, __esi,  *_t42 << 1);
						}
						_t50 =  &_v24; // 0x43573f
						_v64 = E0042F040(_v68, _v68, _v36,  *_t50, _a8);
					} else {
						_v64 = 0;
					}
					E0041EDA0(_v48, __eflags, _v64);
					 *((intOrPtr*)(_v48 + 0x20)) = _a8;
				} else {
					_v36 = _a4;
					_t143 = _v36;
					if(_v36 != 0) {
						_t89 = E00451E10(_v36);
						_t140 = _t137 + 4;
						_t14 = _t89 + 2; // 0x2
						_v24 = _t89 + _t14;
						__eflags = _v24 - 0x10000;
						if(_v24 <= 0x10000) {
							E00462F60(_v24);
							_v60 = _t140;
							_v56 = _v60;
						} else {
							_v56 = E0041BA30( &_v20, __esi, _v24);
						}
						_v28 = _v56;
						__eflags = _v24 >> 1;
						_t94 = E0041BBD0(_t133, _v36, _v28, _v24 >> 1);
						_t137 = _t140 + 0xc;
						_v52 = _t94;
					} else {
						_v52 = 0;
					}
					E0041EDA0(_v48, _t143, _v52);
					 *((intOrPtr*)(_v48 + 0x20)) = E0041B5F0(_v48 + 4, E00416A30(_v48 + 4));
				}
				_v44 = _v48;
				_v8 = 0xffffffff;
				E004351A0( &_v20);
				 *[fs:0x0] = _v16;
				return E0044F6C8(_v44, _t101, _v40 ^ _t135, _v48, _t133, _t134);
			}
































                                                                                                                                                                                0x0042f090
                                                                                                                                                                                0x0042f090
                                                                                                                                                                                0x0042f090
                                                                                                                                                                                0x0042f093
                                                                                                                                                                                0x0042f095
                                                                                                                                                                                0x0042f0a0
                                                                                                                                                                                0x0042f0a1
                                                                                                                                                                                0x0042f0a4
                                                                                                                                                                                0x0042f0a9
                                                                                                                                                                                0x0042f0ab
                                                                                                                                                                                0x0042f0ae
                                                                                                                                                                                0x0042f0b2
                                                                                                                                                                                0x0042f0b8
                                                                                                                                                                                0x0042f0c0
                                                                                                                                                                                0x0042f0c6
                                                                                                                                                                                0x0042f0cb
                                                                                                                                                                                0x0042f0d9
                                                                                                                                                                                0x0042f17f
                                                                                                                                                                                0x0042f182
                                                                                                                                                                                0x0042f186
                                                                                                                                                                                0x0042f195
                                                                                                                                                                                0x0042f19a
                                                                                                                                                                                0x0042f1a0
                                                                                                                                                                                0x0042f1a3
                                                                                                                                                                                0x0042f1a8
                                                                                                                                                                                0x0042f1ae
                                                                                                                                                                                0x0042f1c3
                                                                                                                                                                                0x0042f1c6
                                                                                                                                                                                0x0042f1c8
                                                                                                                                                                                0x0042f1cd
                                                                                                                                                                                0x0042f1d3
                                                                                                                                                                                0x0042f1b0
                                                                                                                                                                                0x0042f1b0
                                                                                                                                                                                0x0042f1be
                                                                                                                                                                                0x0042f1be
                                                                                                                                                                                0x0042f1da
                                                                                                                                                                                0x0042f1eb
                                                                                                                                                                                0x0042f188
                                                                                                                                                                                0x0042f188
                                                                                                                                                                                0x0042f188
                                                                                                                                                                                0x0042f1f5
                                                                                                                                                                                0x0042f200
                                                                                                                                                                                0x0042f0df
                                                                                                                                                                                0x0042f0e2
                                                                                                                                                                                0x0042f0e5
                                                                                                                                                                                0x0042f0e9
                                                                                                                                                                                0x0042f0f8
                                                                                                                                                                                0x0042f0fd
                                                                                                                                                                                0x0042f100
                                                                                                                                                                                0x0042f104
                                                                                                                                                                                0x0042f107
                                                                                                                                                                                0x0042f10e
                                                                                                                                                                                0x0042f124
                                                                                                                                                                                0x0042f129
                                                                                                                                                                                0x0042f12f
                                                                                                                                                                                0x0042f110
                                                                                                                                                                                0x0042f11c
                                                                                                                                                                                0x0042f11c
                                                                                                                                                                                0x0042f135
                                                                                                                                                                                0x0042f13b
                                                                                                                                                                                0x0042f146
                                                                                                                                                                                0x0042f14b
                                                                                                                                                                                0x0042f14e
                                                                                                                                                                                0x0042f0eb
                                                                                                                                                                                0x0042f0eb
                                                                                                                                                                                0x0042f0eb
                                                                                                                                                                                0x0042f158
                                                                                                                                                                                0x0042f174
                                                                                                                                                                                0x0042f174
                                                                                                                                                                                0x0042f206
                                                                                                                                                                                0x0042f209
                                                                                                                                                                                0x0042f213
                                                                                                                                                                                0x0042f221
                                                                                                                                                                                0x0042f236

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strlen$_malloc
                                                                                                                                                                                • String ID: ?WC$?WC
                                                                                                                                                                                • API String ID: 1848352940-3621212526
                                                                                                                                                                                • Opcode ID: cb553d21126b40978c9c1d9364a7c44a1aca97ea65b2ab024412406693a42ca8
                                                                                                                                                                                • Instruction ID: fe12d40af176b4895fcee0970b276af7f596cbb0b5865be36414c146b9af3522
                                                                                                                                                                                • Opcode Fuzzy Hash: cb553d21126b40978c9c1d9364a7c44a1aca97ea65b2ab024412406693a42ca8
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F51F6B1E00119DBCB04DFA9D981AEEB7B1FF48304F90812EE815B7341D738AA45CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004E6B00, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 124sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                			E004E6B00(intOrPtr __ecx, void* __esi, int _a4) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				char _v40;
				char _v56;
				char _v72;
				intOrPtr _v76;
				intOrPtr* _v80;
				intOrPtr _v84;
				signed int _t66;
				void* _t136;
				signed int _t137;

				_t136 = __esi;
				_push(0xffffffff);
				_push(0x5062ed);
				_push( *[fs:0x0]);
				_t66 =  *0x561244; // 0x554c9ad9
				_push(_t66 ^ _t137);
				 *[fs:0x0] =  &_v16;
				_v76 = __ecx;
				_v20 = 0x8000ffff;
				if(E0041D530(_v76 + 0x3c) != 0) {
					E00439EE0();
					_v8 = 0;
					_v80 = E0041D530(_v76 + 0x3c);
					 *((intOrPtr*)( *((intOrPtr*)( *_v80 + 0x1c))))(_v80, E00434050( &_v24));
					if(E0041D530( &_v24) != 0) {
						if(_a4 == 0xffffffff) {
							_a4 = 0x64;
						}
						E00416A10( &_v56);
						_v8 = 1;
						E00416A10( &_v72);
						_v8 = 2;
						E00416A10( &_v40);
						_v8 = 3;
						do {
							if(_a4 -  *(_v76 + 0xc) <= 3) {
								_v84 = _a4 -  *(_v76 + 0xc);
							} else {
								_v84 = 3;
							}
							 *(_v76 + 0xc) =  *(_v76 + 0xc) + _v84;
							E00423440( &_v56,  *(_v76 + 0xc));
							E00423440( &_v72, MulDiv( *(_v76 + 0xc),  *(_v76 + 4), 0x64) +  *((intOrPtr*)(_v76 + 8)));
							_v20 = E004233F0( &_v24, _t136, L"onNotifyProgress",  &_v56,  &_v72,  &_v40);
							if( *(_v76 + 0xc) < _a4) {
								Sleep(0xa);
							}
						} while ( *(_v76 + 0xc) < _a4);
						_v8 = 2;
						E00417430( &_v40);
						_v8 = 1;
						E00417430( &_v72);
						_v8 = 0;
						E00417430( &_v56);
					}
					_v8 = 0xffffffff;
					E00439240();
				}
				 *[fs:0x0] = _v16;
				return 0;
			}
















                                                                                                                                                                                0x004e6b00
                                                                                                                                                                                0x004e6b03
                                                                                                                                                                                0x004e6b05
                                                                                                                                                                                0x004e6b10
                                                                                                                                                                                0x004e6b14
                                                                                                                                                                                0x004e6b1b
                                                                                                                                                                                0x004e6b1f
                                                                                                                                                                                0x004e6b25
                                                                                                                                                                                0x004e6b28
                                                                                                                                                                                0x004e6b3c
                                                                                                                                                                                0x004e6b45
                                                                                                                                                                                0x004e6b4a
                                                                                                                                                                                0x004e6b5c
                                                                                                                                                                                0x004e6b74
                                                                                                                                                                                0x004e6b80
                                                                                                                                                                                0x004e6b8a
                                                                                                                                                                                0x004e6b8c
                                                                                                                                                                                0x004e6b8c
                                                                                                                                                                                0x004e6b96
                                                                                                                                                                                0x004e6b9b
                                                                                                                                                                                0x004e6ba2
                                                                                                                                                                                0x004e6ba7
                                                                                                                                                                                0x004e6bae
                                                                                                                                                                                0x004e6bb3
                                                                                                                                                                                0x004e6bb7
                                                                                                                                                                                0x004e6bc3
                                                                                                                                                                                0x004e6bd7
                                                                                                                                                                                0x004e6bc5
                                                                                                                                                                                0x004e6bc5
                                                                                                                                                                                0x004e6bc5
                                                                                                                                                                                0x004e6be6
                                                                                                                                                                                0x004e6bf3
                                                                                                                                                                                0x004e6c18
                                                                                                                                                                                0x004e6c36
                                                                                                                                                                                0x004e6c42
                                                                                                                                                                                0x004e6c46
                                                                                                                                                                                0x004e6c46
                                                                                                                                                                                0x004e6c52
                                                                                                                                                                                0x004e6c5b
                                                                                                                                                                                0x004e6c62
                                                                                                                                                                                0x004e6c67
                                                                                                                                                                                0x004e6c6e
                                                                                                                                                                                0x004e6c73
                                                                                                                                                                                0x004e6c7a
                                                                                                                                                                                0x004e6c7a
                                                                                                                                                                                0x004e6c7f
                                                                                                                                                                                0x004e6c89
                                                                                                                                                                                0x004e6c89
                                                                                                                                                                                0x004e6c93
                                                                                                                                                                                0x004e6c9e

                                                                                                                                                                                APIs
                                                                                                                                                                                • MulDiv.KERNEL32(?,?,00000064), ref: 004E6C08
                                                                                                                                                                                • Sleep.KERNEL32(0000000A,onNotifyProgress,?,?,?,?), ref: 004E6C46
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                • String ID: d$onNotifyProgress
                                                                                                                                                                                • API String ID: 3472027048-1609401321
                                                                                                                                                                                • Opcode ID: 9d87373aa5f0380d0523721526ff7348d815d258d46ac3fcf6cd2fb38ae34b26
                                                                                                                                                                                • Instruction ID: a37b9d4cbb157d9b5eae3b3dd72c928394f0c5ab0b1a33107af4011a95fb9640
                                                                                                                                                                                • Opcode Fuzzy Hash: 9d87373aa5f0380d0523721526ff7348d815d258d46ac3fcf6cd2fb38ae34b26
                                                                                                                                                                                • Instruction Fuzzy Hash: 88515C70900248DFCB04DF99C991AEEFBB5FF14318F24825EE405A7291DB74AE46CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00427B10, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00427B10(char __ecx, void* __eflags, char _a4) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _t27;
				char* _t32;
				intOrPtr* _t33;
				intOrPtr* _t35;
				intOrPtr* _t36;
				intOrPtr* _t39;
				intOrPtr* _t42;
				intOrPtr* _t43;
				intOrPtr* _t44;
				intOrPtr* _t47;
				intOrPtr* _t51;
				void* _t78;
				void* _t83;
				void* _t85;
				void* _t87;

				_v12 = __ecx;
				_t2 =  &_a4; // 0x433644
				_v8 =  *((intOrPtr*)(E00441910( *_t2)));
				_t27 = E00415110(_v8);
				_t5 =  &_a4; // 0x433644
				 *((intOrPtr*)(E00441910( *_t5))) =  *_t27;
				_t32 = E004271F0( *((intOrPtr*)(E00415110(_v8))));
				_t83 = _t78 + 0x14;
				if( *_t32 == 0) {
					_t51 = E0042AE30( *((intOrPtr*)(E00415110(_v8))));
					_t83 = _t83 + 8;
					_t8 =  &_a4; // 0x433644
					 *_t51 =  *_t8;
				}
				_t9 =  &_a4; // 0x433644
				_t33 = E0042AE30( *_t9);
				_t35 = E0042AE30(_v8);
				_t85 = _t83 + 8;
				 *_t35 =  *_t33;
				_t11 =  &_v12; // 0x433644
				_t36 = E0041D410( *_t11);
				_t12 =  &_a4; // 0x433644
				if( *_t12 !=  *_t36) {
					_t15 =  &_a4; // 0x433644
					_t39 = E00415110( *((intOrPtr*)(E0042AE30( *_t15))));
					_t87 = _t85 + 8;
					_t16 =  &_a4; // 0x433644
					if( *_t16 !=  *_t39) {
						_t19 =  &_a4; // 0x433644
						_t42 = E00441910( *((intOrPtr*)(E0042AE30( *_t19))));
						_t85 = _t87 + 8;
						 *_t42 = _v8;
					} else {
						_t17 =  &_a4; // 0x433644
						_t47 = E00415110( *((intOrPtr*)(E0042AE30( *_t17))));
						_t85 = _t87 + 8;
						 *_t47 = _v8;
					}
				} else {
					_t13 =  &_v12; // 0x433644
					 *((intOrPtr*)(E0041D410( *_t13))) = _v8;
				}
				_t43 = E00415110(_v8);
				_t22 =  &_a4; // 0x433644
				 *_t43 =  *_t22;
				_t23 =  &_a4; // 0x433644
				_t44 = E0042AE30( *_t23);
				 *_t44 = _v8;
				return _t44;
			}




















                                                                                                                                                                                0x00427b17
                                                                                                                                                                                0x00427b1a
                                                                                                                                                                                0x00427b28
                                                                                                                                                                                0x00427b2f
                                                                                                                                                                                0x00427b39
                                                                                                                                                                                0x00427b47
                                                                                                                                                                                0x00427b58
                                                                                                                                                                                0x00427b5d
                                                                                                                                                                                0x00427b65
                                                                                                                                                                                0x00427b76
                                                                                                                                                                                0x00427b7b
                                                                                                                                                                                0x00427b7e
                                                                                                                                                                                0x00427b81
                                                                                                                                                                                0x00427b81
                                                                                                                                                                                0x00427b83
                                                                                                                                                                                0x00427b87
                                                                                                                                                                                0x00427b95
                                                                                                                                                                                0x00427b9a
                                                                                                                                                                                0x00427b9f
                                                                                                                                                                                0x00427ba1
                                                                                                                                                                                0x00427ba4
                                                                                                                                                                                0x00427ba9
                                                                                                                                                                                0x00427bae
                                                                                                                                                                                0x00427bbf
                                                                                                                                                                                0x00427bce
                                                                                                                                                                                0x00427bd3
                                                                                                                                                                                0x00427bd6
                                                                                                                                                                                0x00427bdb
                                                                                                                                                                                0x00427bfb
                                                                                                                                                                                0x00427c0a
                                                                                                                                                                                0x00427c0f
                                                                                                                                                                                0x00427c15
                                                                                                                                                                                0x00427bdd
                                                                                                                                                                                0x00427bdd
                                                                                                                                                                                0x00427bec
                                                                                                                                                                                0x00427bf1
                                                                                                                                                                                0x00427bf7
                                                                                                                                                                                0x00427bf7
                                                                                                                                                                                0x00427bb0
                                                                                                                                                                                0x00427bb0
                                                                                                                                                                                0x00427bbb
                                                                                                                                                                                0x00427bbb
                                                                                                                                                                                0x00427c1b
                                                                                                                                                                                0x00427c23
                                                                                                                                                                                0x00427c26
                                                                                                                                                                                0x00427c28
                                                                                                                                                                                0x00427c2c
                                                                                                                                                                                0x00427c37
                                                                                                                                                                                0x00427c3d

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                • String ID: D6C$D6C
                                                                                                                                                                                • API String ID: 2519475695-3729970199
                                                                                                                                                                                • Opcode ID: 73bab9b323b3af65f751d4bceb1319c06beba5c8193e2e25ad457ea62c87e230
                                                                                                                                                                                • Instruction ID: 1e1819cb50db400c064340da7a5e868b9e1a5bb3b7431f14cbdcda3e580f80ba
                                                                                                                                                                                • Opcode Fuzzy Hash: 73bab9b323b3af65f751d4bceb1319c06beba5c8193e2e25ad457ea62c87e230
                                                                                                                                                                                • Instruction Fuzzy Hash: C44162F9E00114AFDB05EF64E48289E7775AF98308B1444B9F8094B312E639EE51CB96
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004C1FE0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E004C1FE0(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v37;
				intOrPtr _v44;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t39;
				void* _t43;
				intOrPtr _t51;
				void* _t55;
				intOrPtr _t75;
				void* _t78;
				signed int _t82;
				void* _t83;
				intOrPtr _t84;
				void* _t85;
				void* _t86;

				_push(0xffffffff);
				_push(0x506acb);
				_push( *[fs:0x0]);
				_t84 = _t83 - 0x18;
				_push(_t55);
				_push(_t78);
				_t39 =  *0x561244; // 0x554c9ad9
				_push(_t39 ^ _t82);
				 *[fs:0x0] =  &_v16;
				_v20 = _t84;
				_t43 = E0044F9A4(_a8);
				_t85 = _t84 + 4;
				if(_t43 != 0) {
					_v8 = 0;
					_v28 =  &_a12;
					E00453611(0x5c21f0, 0x3e8, _a8, _v28);
					_t86 = _t85 + 0x10;
					_v28 = 0;
					_v8 = 0xffffffff;
					_t75 = _a4;
					_t90 =  *((intOrPtr*)(_t75 + 4));
					if( *((intOrPtr*)(_t75 + 4)) == 0) {
						_t51 = E0044F76F(_t55, _t78, _t90, 0x20);
						_t86 = _t86 + 4;
						_v36 = _t51;
						_v8 = 2;
						if(_v36 == 0) {
							_v44 = 0;
						} else {
							_v44 = E004175C0(E00434050( &_v37));
						}
						_v32 = _v44;
						_v8 = 0xffffffff;
						 *((intOrPtr*)(_a4 + 4)) = _v32;
					}
					_v24 =  *((intOrPtr*)(_a4 + 4));
					E004130D0(_v24 + 4, 0x5c21f0);
					E004130D0(_v24 + 4, 0x5300d0);
					if( *((intOrPtr*)(_a4 + 8)) != 0xffffffff) {
						E004C1E80(0x5c21f0, 0x3e8, L"->[%d]\n",  *((intOrPtr*)(_a4 + 8)));
						__eflags = _v24 + 4;
						_t43 = E004130D0(_v24 + 4, 0x5c21f0);
					} else {
						_t43 = E004130D0(_v24 + 4, 0x5300d4);
					}
				}
				 *[fs:0x0] = _v16;
				return _t43;
			}



























                                                                                                                                                                                0x004c1fe3
                                                                                                                                                                                0x004c1fe5
                                                                                                                                                                                0x004c1ff0
                                                                                                                                                                                0x004c1ff2
                                                                                                                                                                                0x004c1ff5
                                                                                                                                                                                0x004c1ff7
                                                                                                                                                                                0x004c1ff8
                                                                                                                                                                                0x004c1fff
                                                                                                                                                                                0x004c2003
                                                                                                                                                                                0x004c2009
                                                                                                                                                                                0x004c2010
                                                                                                                                                                                0x004c2015
                                                                                                                                                                                0x004c201a
                                                                                                                                                                                0x004c2020
                                                                                                                                                                                0x004c202a
                                                                                                                                                                                0x004c203f
                                                                                                                                                                                0x004c2044
                                                                                                                                                                                0x004c2047
                                                                                                                                                                                0x004c2078
                                                                                                                                                                                0x004c207f
                                                                                                                                                                                0x004c2082
                                                                                                                                                                                0x004c2086
                                                                                                                                                                                0x004c208a
                                                                                                                                                                                0x004c208f
                                                                                                                                                                                0x004c2092
                                                                                                                                                                                0x004c2095
                                                                                                                                                                                0x004c20a0
                                                                                                                                                                                0x004c20b8
                                                                                                                                                                                0x004c20a2
                                                                                                                                                                                0x004c20b3
                                                                                                                                                                                0x004c20b3
                                                                                                                                                                                0x004c20c2
                                                                                                                                                                                0x004c20c5
                                                                                                                                                                                0x004c20d2
                                                                                                                                                                                0x004c20d2
                                                                                                                                                                                0x004c20db
                                                                                                                                                                                0x004c20e9
                                                                                                                                                                                0x004c20f9
                                                                                                                                                                                0x004c2105
                                                                                                                                                                                0x004c212f
                                                                                                                                                                                0x004c213f
                                                                                                                                                                                0x004c2142
                                                                                                                                                                                0x004c2107
                                                                                                                                                                                0x004c2112
                                                                                                                                                                                0x004c2112
                                                                                                                                                                                0x004c2105
                                                                                                                                                                                0x004c214a
                                                                                                                                                                                0x004c2158

                                                                                                                                                                                APIs
                                                                                                                                                                                • _wcslen.LIBCMT ref: 004C2010
                                                                                                                                                                                • _vswprintf_s.LIBCMT ref: 004C203F
                                                                                                                                                                                  • Part of subcall function 00453611: __vsnwprintf_l.LIBCMT ref: 00453624
                                                                                                                                                                                  • Part of subcall function 0044F76F: _malloc.LIBCMT ref: 0044F789
                                                                                                                                                                                • _swprintf.LIBCMTD ref: 004C212F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __vsnwprintf_l_malloc_swprintf_vswprintf_s_wcslen
                                                                                                                                                                                • String ID: ->[%d]
                                                                                                                                                                                • API String ID: 919113508-1967647186
                                                                                                                                                                                • Opcode ID: 3b8ff89e6457e8b4b0ce93bbcc966be1b075cd25bc8e88fcb02cc78357ec65bb
                                                                                                                                                                                • Instruction ID: e3a414589ff9bb562630220d31cb12d6e02212e954a4a91c085afea6a517ee55
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b8ff89e6457e8b4b0ce93bbcc966be1b075cd25bc8e88fcb02cc78357ec65bb
                                                                                                                                                                                • Instruction Fuzzy Hash: D9417374A00209AFDB14DF89C955FEEBBB4FB04314F14421EE915673C1D7B4AA41CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F2770, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                			E004F2770(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				char _v16;
				char _v20;
				intOrPtr _v32;
				char _v40;
				char _v41;
				intOrPtr* _v48;
				signed int _t26;
				char _t32;
				signed char _t35;
				signed int _t69;

				_push(0xffffffff);
				_push(0x50f626);
				_push( *[fs:0x0]);
				_t26 =  *0x561244; // 0x554c9ad9
				_push(_t26 ^ _t69);
				 *[fs:0x0] =  &_v16;
				_v48 = __ecx;
				if((E00404920(E00404820()) & 0x000000ff) != 0 || ( *0x5bdd29 & 0x000000ff) != 0) {
					L7:
					_t32 = 1;
				} else {
					E00414C90();
					_v8 = 0;
					_t35 = E004F06E0(_v48, L"brwseCntnr", E00434050( &_v20));
					_t75 = _t35 & 0x000000ff;
					if((_t35 & 0x000000ff) == 0) {
						L6:
						_v8 = 0xffffffff;
						E0040D320();
						goto L7;
					} else {
						E00416A10( &_v40);
						_v8 = 1;
						 *((intOrPtr*)( *((intOrPtr*)( *_v48 + 0x80))))(_v48, L"getBrowse", 0, 0,  &_v40);
						if((E004D9EF0(__ebx, E00404820(), _v32, __edi, __esi, _t75, __fp0, _v32) & 0x000000ff) != 0) {
							_v8 = 0;
							E00417430( &_v40);
							goto L6;
						} else {
							_v41 = 0;
							_v8 = 0;
							E00417430( &_v40);
							_v8 = 0xffffffff;
							E0040D320();
							_t32 = _v41;
						}
					}
				}
				 *[fs:0x0] = _v16;
				return _t32;
			}














                                                                                                                                                                                0x004f2773
                                                                                                                                                                                0x004f2775
                                                                                                                                                                                0x004f2780
                                                                                                                                                                                0x004f2784
                                                                                                                                                                                0x004f278b
                                                                                                                                                                                0x004f278f
                                                                                                                                                                                0x004f2795
                                                                                                                                                                                0x004f27a9
                                                                                                                                                                                0x004f286a
                                                                                                                                                                                0x004f286a
                                                                                                                                                                                0x004f27be
                                                                                                                                                                                0x004f27c1
                                                                                                                                                                                0x004f27c6
                                                                                                                                                                                0x004f27de
                                                                                                                                                                                0x004f27e6
                                                                                                                                                                                0x004f27e8
                                                                                                                                                                                0x004f285b
                                                                                                                                                                                0x004f285b
                                                                                                                                                                                0x004f2865
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f27ea
                                                                                                                                                                                0x004f27ed
                                                                                                                                                                                0x004f27f2
                                                                                                                                                                                0x004f2812
                                                                                                                                                                                0x004f2829
                                                                                                                                                                                0x004f284f
                                                                                                                                                                                0x004f2856
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004f282b
                                                                                                                                                                                0x004f282b
                                                                                                                                                                                0x004f282f
                                                                                                                                                                                0x004f2836
                                                                                                                                                                                0x004f283b
                                                                                                                                                                                0x004f2845
                                                                                                                                                                                0x004f284a
                                                                                                                                                                                0x004f284a
                                                                                                                                                                                0x004f2829
                                                                                                                                                                                0x004f27e8
                                                                                                                                                                                0x004f286f
                                                                                                                                                                                0x004f287a

                                                                                                                                                                                APIs
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F2798
                                                                                                                                                                                  • Part of subcall function 00416A10: VariantInit.OLEAUT32(4<O), ref: 00416A1B
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F2818
                                                                                                                                                                                  • Part of subcall function 004D9EF0: _Immortalize.LIBCPMTD ref: 004D9F39
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Immortalize$InitVariant
                                                                                                                                                                                • String ID: brwseCntnr$getBrowse
                                                                                                                                                                                • API String ID: 2111759460-262030208
                                                                                                                                                                                • Opcode ID: c52fb5ae1b5af3db22209827fb280a0f0815b1db6de82ece67e65c2be40546e1
                                                                                                                                                                                • Instruction ID: 4fa7eccefb8ea2d50809eb1b252eb4b554dd85de9e3476904be64cfb06904a21
                                                                                                                                                                                • Opcode Fuzzy Hash: c52fb5ae1b5af3db22209827fb280a0f0815b1db6de82ece67e65c2be40546e1
                                                                                                                                                                                • Instruction Fuzzy Hash: 8031D570D001489BCB04EBA6D952BFEBBB4AF54304F50866EE511BB2D1DB785E04CBA8
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041F420, Relevance: 6.2, APIs: 4, Instructions: 155COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E0041F420(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v21;
				char _v28;
				char _v32;
				char _v33;
				char _v40;
				char _v41;
				char _v48;
				char _v49;
				intOrPtr _v56;
				intOrPtr _v60;
				char* _t66;
				void* _t72;
				void* _t95;
				void* _t96;
				intOrPtr* _t98;
				intOrPtr* _t101;
				void* _t142;
				void* _t143;
				void* _t147;

				_v56 = __ecx;
				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
				_v12 =  *((intOrPtr*)(_v56 + 4));
				_v5 = 1;
				while(1) {
					_t66 = E00420160(_v16);
					_t143 = _t142 + 4;
					_t149 =  *_t66;
					if( *_t66 != 0) {
						break;
					}
					_v12 = _v16;
					_t95 = E00436060(_t149, _v16);
					_t96 = E00415110(_a8);
					_t147 = _t143 + 8;
					_v5 = E00420AA0(_v56, _t96, _t95);
					if((_v5 & 0x000000ff) == 0) {
						_t98 = E00441910(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t98;
					} else {
						_t101 = E00415110(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t101;
					}
					_v16 = _v60;
				}
				__eflags = 0;
				if(0 == 0) {
					E00445360( &_v20, _v12);
					__eflags = _v5 & 0x000000ff;
					if(__eflags != 0) {
						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
						if(__eflags == 0) {
							E00420AC0( &_v20);
							L13:
							_t72 = E00415110(_a8);
							__eflags = E00420AA0(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
							if(__eflags == 0) {
								_v49 = 0;
								E00445E50(_a4,  &_v20,  &_v49);
								return _a4;
							}
							_v41 = 1;
							E00445E50(_a4, E00420290(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
							return _a4;
						}
						_v33 = 1;
						E00445E50(_a4, E00420290(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
						return _a4;
					}
					goto L13;
				}
				_v21 = 1;
				E00445E50(_a4, E00420290(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
				return _a4;
			}


























                                                                                                                                                                                0x0041f426
                                                                                                                                                                                0x0041f433
                                                                                                                                                                                0x0041f43c
                                                                                                                                                                                0x0041f43f
                                                                                                                                                                                0x0041f443
                                                                                                                                                                                0x0041f447
                                                                                                                                                                                0x0041f44c
                                                                                                                                                                                0x0041f452
                                                                                                                                                                                0x0041f454
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041f459
                                                                                                                                                                                0x0041f460
                                                                                                                                                                                0x0041f46d
                                                                                                                                                                                0x0041f472
                                                                                                                                                                                0x0041f47e
                                                                                                                                                                                0x0041f487
                                                                                                                                                                                0x0041f4a0
                                                                                                                                                                                0x0041f4a5
                                                                                                                                                                                0x0041f4aa
                                                                                                                                                                                0x0041f489
                                                                                                                                                                                0x0041f48d
                                                                                                                                                                                0x0041f492
                                                                                                                                                                                0x0041f497
                                                                                                                                                                                0x0041f497
                                                                                                                                                                                0x0041f4b0
                                                                                                                                                                                0x0041f4b0
                                                                                                                                                                                0x0041f4b5
                                                                                                                                                                                0x0041f4b7
                                                                                                                                                                                0x0041f4f7
                                                                                                                                                                                0x0041f500
                                                                                                                                                                                0x0041f502
                                                                                                                                                                                0x0041f51e
                                                                                                                                                                                0x0041f520
                                                                                                                                                                                0x0041f556
                                                                                                                                                                                0x0041f55b
                                                                                                                                                                                0x0041f55f
                                                                                                                                                                                0x0041f585
                                                                                                                                                                                0x0041f587
                                                                                                                                                                                0x0041f5ba
                                                                                                                                                                                0x0041f5c9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041f5ce
                                                                                                                                                                                0x0041f589
                                                                                                                                                                                0x0041f5ae
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041f5b3
                                                                                                                                                                                0x0041f522
                                                                                                                                                                                0x0041f544
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041f549
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041f504
                                                                                                                                                                                0x0041f4b9
                                                                                                                                                                                0x0041f4de
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cnd_initHandlestd::_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3964502784-0
                                                                                                                                                                                • Opcode ID: 674a9958b9a5c9a5cb453f160200f63fe660729ab341863490913925c6397475
                                                                                                                                                                                • Instruction ID: 2c4a320b3958d148fafe5ac47a3fe145740335362e9ed150bb876a8542427f4e
                                                                                                                                                                                • Opcode Fuzzy Hash: 674a9958b9a5c9a5cb453f160200f63fe660729ab341863490913925c6397475
                                                                                                                                                                                • Instruction Fuzzy Hash: 8A5194B5D04108BFCB04DF95D891EEF77BAAF98304F14806EF40AA7242DA34AA45CB64
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00431600, Relevance: 6.2, APIs: 4, Instructions: 155COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E00431600(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v21;
				char _v28;
				char _v32;
				char _v33;
				char _v40;
				char _v41;
				char _v48;
				char _v49;
				intOrPtr _v56;
				intOrPtr _v60;
				char* _t66;
				void* _t72;
				void* _t95;
				void* _t96;
				intOrPtr* _t98;
				intOrPtr* _t101;
				void* _t142;
				void* _t143;
				void* _t147;

				_v56 = __ecx;
				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
				_v12 =  *((intOrPtr*)(_v56 + 4));
				_v5 = 1;
				while(1) {
					_t66 = E00408710(_v16);
					_t143 = _t142 + 4;
					_t149 =  *_t66;
					if( *_t66 != 0) {
						break;
					}
					_v12 = _v16;
					_t95 = E00436060(_t149, _v16);
					_t96 = E00415110(_a8);
					_t147 = _t143 + 8;
					_v5 = E0041CC50(_v56, _t96, _t95);
					if((_v5 & 0x000000ff) == 0) {
						_t98 = E00441910(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t98;
					} else {
						_t101 = E00415110(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t101;
					}
					_v16 = _v60;
				}
				__eflags = 0;
				if(0 == 0) {
					E00445360( &_v20, _v12);
					__eflags = _v5 & 0x000000ff;
					if(__eflags != 0) {
						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
						if(__eflags == 0) {
							E00431E70( &_v20);
							L13:
							_t72 = E00415110(_a8);
							__eflags = E0041CC50(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
							if(__eflags == 0) {
								_v49 = 0;
								E00445E50(_a4,  &_v20,  &_v49);
								return _a4;
							}
							_v41 = 1;
							E00445E50(_a4, E00431A00(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
							return _a4;
						}
						_v33 = 1;
						E00445E50(_a4, E00431A00(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
						return _a4;
					}
					goto L13;
				}
				_v21 = 1;
				E00445E50(_a4, E00431A00(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
				return _a4;
			}


























                                                                                                                                                                                0x00431606
                                                                                                                                                                                0x00431613
                                                                                                                                                                                0x0043161c
                                                                                                                                                                                0x0043161f
                                                                                                                                                                                0x00431623
                                                                                                                                                                                0x00431627
                                                                                                                                                                                0x0043162c
                                                                                                                                                                                0x00431632
                                                                                                                                                                                0x00431634
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00431639
                                                                                                                                                                                0x00431640
                                                                                                                                                                                0x0043164d
                                                                                                                                                                                0x00431652
                                                                                                                                                                                0x0043165e
                                                                                                                                                                                0x00431667
                                                                                                                                                                                0x00431680
                                                                                                                                                                                0x00431685
                                                                                                                                                                                0x0043168a
                                                                                                                                                                                0x00431669
                                                                                                                                                                                0x0043166d
                                                                                                                                                                                0x00431672
                                                                                                                                                                                0x00431677
                                                                                                                                                                                0x00431677
                                                                                                                                                                                0x00431690
                                                                                                                                                                                0x00431690
                                                                                                                                                                                0x00431695
                                                                                                                                                                                0x00431697
                                                                                                                                                                                0x004316d7
                                                                                                                                                                                0x004316e0
                                                                                                                                                                                0x004316e2
                                                                                                                                                                                0x004316fe
                                                                                                                                                                                0x00431700
                                                                                                                                                                                0x00431736
                                                                                                                                                                                0x0043173b
                                                                                                                                                                                0x0043173f
                                                                                                                                                                                0x00431765
                                                                                                                                                                                0x00431767
                                                                                                                                                                                0x0043179a
                                                                                                                                                                                0x004317a9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004317ae
                                                                                                                                                                                0x00431769
                                                                                                                                                                                0x0043178e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00431793
                                                                                                                                                                                0x00431702
                                                                                                                                                                                0x00431724
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00431729
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004316e4
                                                                                                                                                                                0x00431699
                                                                                                                                                                                0x004316be
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cnd_initHandlestd::_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3964502784-0
                                                                                                                                                                                • Opcode ID: 63f6e11ae261600f7b0eadfe7e58b16e9400b1e535cce3b340d6ef79147bb440
                                                                                                                                                                                • Instruction ID: 996a7f4a3a204697f120b1106b66c89e51c997d561b5141b1d18d575e8886a06
                                                                                                                                                                                • Opcode Fuzzy Hash: 63f6e11ae261600f7b0eadfe7e58b16e9400b1e535cce3b340d6ef79147bb440
                                                                                                                                                                                • Instruction Fuzzy Hash: 71516EB5D04108BFCB04DBD5D891EEFBBB9AF88304F14805EF406A7251DB38AA05CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041C810, Relevance: 6.2, APIs: 4, Instructions: 155COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E0041C810(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v21;
				char _v28;
				char _v32;
				char _v33;
				char _v40;
				char _v41;
				char _v48;
				char _v49;
				intOrPtr _v56;
				intOrPtr _v60;
				char* _t66;
				void* _t72;
				void* _t95;
				void* _t96;
				intOrPtr* _t98;
				intOrPtr* _t101;
				void* _t142;
				void* _t143;
				void* _t147;

				_v56 = __ecx;
				_v16 =  *((intOrPtr*)(E0041D410(_v56)));
				_v12 =  *((intOrPtr*)(_v56 + 4));
				_v5 = 1;
				while(1) {
					_t66 = E0041CEF0(_v16);
					_t143 = _t142 + 4;
					_t149 =  *_t66;
					if( *_t66 != 0) {
						break;
					}
					_v12 = _v16;
					_t95 = E00436060(_t149, _v16);
					_t96 = E00415110(_a8);
					_t147 = _t143 + 8;
					_v5 = E0041CC50(_v56, _t96, _t95);
					if((_v5 & 0x000000ff) == 0) {
						_t98 = E00441910(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t98;
					} else {
						_t101 = E00415110(_v16);
						_t142 = _t147 + 4;
						_v60 =  *_t101;
					}
					_v16 = _v60;
				}
				__eflags = 0;
				if(0 == 0) {
					E00445360( &_v20, _v12);
					__eflags = _v5 & 0x000000ff;
					if(__eflags != 0) {
						__eflags = E00444870( &_v20, E004083B0(_v56,  &_v32)) & 0x000000ff;
						if(__eflags == 0) {
							E0041D4F0( &_v20);
							L13:
							_t72 = E00415110(_a8);
							__eflags = E0041CC50(_v56, E00436060(__eflags, E0041D530( &_v20)), _t72) & 0x000000ff;
							if(__eflags == 0) {
								_v49 = 0;
								E00445E50(_a4,  &_v20,  &_v49);
								return _a4;
							}
							_v41 = 1;
							E00445E50(_a4, E0041CFA0(_v56, __eflags,  &_v48, _v5 & 0x000000ff, _v12, _a8),  &_v41);
							return _a4;
						}
						_v33 = 1;
						E00445E50(_a4, E0041CFA0(_v56, __eflags,  &_v40, 1, _v12, _a8),  &_v33);
						return _a4;
					}
					goto L13;
				}
				_v21 = 1;
				E00445E50(_a4, E0041CFA0(_v56, 0,  &_v28, _v5 & 0x000000ff, _v12, _a8),  &_v21);
				return _a4;
			}


























                                                                                                                                                                                0x0041c816
                                                                                                                                                                                0x0041c823
                                                                                                                                                                                0x0041c82c
                                                                                                                                                                                0x0041c82f
                                                                                                                                                                                0x0041c833
                                                                                                                                                                                0x0041c837
                                                                                                                                                                                0x0041c83c
                                                                                                                                                                                0x0041c842
                                                                                                                                                                                0x0041c844
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041c849
                                                                                                                                                                                0x0041c850
                                                                                                                                                                                0x0041c85d
                                                                                                                                                                                0x0041c862
                                                                                                                                                                                0x0041c86e
                                                                                                                                                                                0x0041c877
                                                                                                                                                                                0x0041c890
                                                                                                                                                                                0x0041c895
                                                                                                                                                                                0x0041c89a
                                                                                                                                                                                0x0041c879
                                                                                                                                                                                0x0041c87d
                                                                                                                                                                                0x0041c882
                                                                                                                                                                                0x0041c887
                                                                                                                                                                                0x0041c887
                                                                                                                                                                                0x0041c8a0
                                                                                                                                                                                0x0041c8a0
                                                                                                                                                                                0x0041c8a5
                                                                                                                                                                                0x0041c8a7
                                                                                                                                                                                0x0041c8e7
                                                                                                                                                                                0x0041c8f0
                                                                                                                                                                                0x0041c8f2
                                                                                                                                                                                0x0041c90e
                                                                                                                                                                                0x0041c910
                                                                                                                                                                                0x0041c946
                                                                                                                                                                                0x0041c94b
                                                                                                                                                                                0x0041c94f
                                                                                                                                                                                0x0041c975
                                                                                                                                                                                0x0041c977
                                                                                                                                                                                0x0041c9aa
                                                                                                                                                                                0x0041c9b9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041c9be
                                                                                                                                                                                0x0041c979
                                                                                                                                                                                0x0041c99e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041c9a3
                                                                                                                                                                                0x0041c912
                                                                                                                                                                                0x0041c934
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041c939
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041c8f4
                                                                                                                                                                                0x0041c8a9
                                                                                                                                                                                0x0041c8ce
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cnd_initHandlestd::_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3964502784-0
                                                                                                                                                                                • Opcode ID: 053cb36615b50c11b9affa81ef5e7e281e4dcdacd00ba29a504b599901895e19
                                                                                                                                                                                • Instruction ID: 2d2d5e5912a5e220dfae65aaf11e39b30c8cc877763405f5282d199abf3413ee
                                                                                                                                                                                • Opcode Fuzzy Hash: 053cb36615b50c11b9affa81ef5e7e281e4dcdacd00ba29a504b599901895e19
                                                                                                                                                                                • Instruction Fuzzy Hash: D75133B5D04108BFDB04DFD5DC91AEFBBB9AF88304F14805EF409A7241DA35AA45CB95
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040BE70, Relevance: 6.1, APIs: 4, Instructions: 118windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                			E0040BE70(intOrPtr* __ecx, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v16;
				char _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr* _v32;
				signed int _t43;
				intOrPtr _t47;
				void* _t53;
				intOrPtr _t58;
				signed int _t115;

				_push(0xffffffff);
				_push(0x513ff8);
				_push( *[fs:0x0]);
				_t43 =  *0x561244; // 0x554c9ad9
				_push(_t43 ^ _t115);
				 *[fs:0x0] =  &_v16;
				_v24 = __ecx;
				 *(_v24 + 0x98) =  *(_v24 + 0x98) | 0x00000020;
				_t47 = _v24;
				_t118 =  *(_t47 + 0x98) >> 0x00000006 & 0x00000001;
				if(( *(_t47 + 0x98) >> 0x00000006 & 0x00000001) != 0) {
					L10:
					 *_a16 = 0;
					 *[fs:0x0] = _v16;
					return 0;
				}
				if((E00430370(_v24 + 0x64, _t118, 0) & 0x000000ff) == 0) {
					L6:
					if(( *(_v24 + 0x98) >> 0x00000003 & 0x00000001) == 0) {
						_t53 = E0040BE50(_v24 + 4, GetFocus());
						__eflags = _t53;
						if(_t53 == 0) {
							SetFocus(GetWindow( *(_v24 + 4), 5));
						}
					} else {
						SetFocus( *(_v24 + 4));
					}
					goto L10;
				}
				_t58 = _v24;
				_t120 =  *(_t58 + 0x98) >> 0x00000001 & 0x00000001;
				if(( *(_t58 + 0x98) >> 0x00000001 & 0x00000001) != 0) {
					goto L6;
				}
				E00414C90();
				_v8 = 0;
				_v28 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x10))))();
				 *((intOrPtr*)( *((intOrPtr*)( *_v28))))(_v28, 0x51da8c, E00434050( &_v20));
				if((E00430370( &_v20, _t120, 0) & 0x000000ff) != 0) {
					_v32 = E0041D530(_v24 + 0x64);
					 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x2c))))(_v32, 0xfffffffc, 0, E0041D530( &_v20), 0,  *(_v24 + 4), _v24 + 0xb4);
				}
				_v8 = 0xffffffff;
				E0040D320();
				goto L6;
			}














                                                                                                                                                                                0x0040be73
                                                                                                                                                                                0x0040be75
                                                                                                                                                                                0x0040be80
                                                                                                                                                                                0x0040be84
                                                                                                                                                                                0x0040be8b
                                                                                                                                                                                0x0040be8f
                                                                                                                                                                                0x0040be95
                                                                                                                                                                                0x0040bea7
                                                                                                                                                                                0x0040bead
                                                                                                                                                                                0x0040beb9
                                                                                                                                                                                0x0040bebc
                                                                                                                                                                                0x0040bfd0
                                                                                                                                                                                0x0040bfd3
                                                                                                                                                                                0x0040bfde
                                                                                                                                                                                0x0040bfe9
                                                                                                                                                                                0x0040bfe9
                                                                                                                                                                                0x0040bed4
                                                                                                                                                                                0x0040bf84
                                                                                                                                                                                0x0040bf93
                                                                                                                                                                                0x0040bfb1
                                                                                                                                                                                0x0040bfb6
                                                                                                                                                                                0x0040bfb8
                                                                                                                                                                                0x0040bfca
                                                                                                                                                                                0x0040bfca
                                                                                                                                                                                0x0040bf95
                                                                                                                                                                                0x0040bf9c
                                                                                                                                                                                0x0040bf9c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040bf93
                                                                                                                                                                                0x0040beda
                                                                                                                                                                                0x0040bee5
                                                                                                                                                                                0x0040bee8
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040bef1
                                                                                                                                                                                0x0040bef6
                                                                                                                                                                                0x0040bf0a
                                                                                                                                                                                0x0040bf26
                                                                                                                                                                                0x0040bf37
                                                                                                                                                                                0x0040bf44
                                                                                                                                                                                0x0040bf73
                                                                                                                                                                                0x0040bf73
                                                                                                                                                                                0x0040bf75
                                                                                                                                                                                0x0040bf7f
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFocus.USER32(?,00000000,554C9AD9,00000000,00000000,?,554C9AD9), ref: 0040BF9C
                                                                                                                                                                                • GetFocus.USER32(00000000,554C9AD9,00000000,00000000,?,554C9AD9), ref: 0040BFA4
                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 0040BFC3
                                                                                                                                                                                • SetFocus.USER32(00000000), ref: 0040BFCA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Focus$Window
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3286522332-0
                                                                                                                                                                                • Opcode ID: 970ddb0cfd7bd0c14a3f2e369824521eca09491f84e662d54869847b4cf92b83
                                                                                                                                                                                • Instruction ID: 3a94e24fefa496a51dce265a90df239404a5a80031a59ee7eb99bbd9718925be
                                                                                                                                                                                • Opcode Fuzzy Hash: 970ddb0cfd7bd0c14a3f2e369824521eca09491f84e662d54869847b4cf92b83
                                                                                                                                                                                • Instruction Fuzzy Hash: 5A414BB4A001069FDB08DF99D991BBFB3B5FF49300F108169E516AB391DB34AD00CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0049C540, Relevance: 6.1, APIs: 4, Instructions: 112windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                                                			E0049C540(intOrPtr __ecx, void* __edx, struct HWND__* _a4, int _a8, intOrPtr _a12, struct HWND__* _a16, int _a20, intOrPtr _a24) {
				long _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed char _v25;
				signed int _v32;
				char _v60;
				char _v64;
				struct HWND__* _v68;
				char _v73;
				long _v80;
				long _v84;
				int _v88;
				intOrPtr _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				signed int _t46;
				signed int _t53;
				WCHAR* _t58;
				long _t61;
				intOrPtr _t69;
				intOrPtr _t92;
				intOrPtr _t94;
				signed int _t95;
				void* _t96;

				_push(0xffffffff);
				_push(0x50b21a);
				_push( *[fs:0x0]);
				_push(__ecx);
				_t45 =  *0x561244; // 0x554c9ad9
				_t46 = _t45 ^ _t95;
				_v32 = _t46;
				_push(_t46);
				 *[fs:0x0] =  &_v16;
				_v20 = _t96 - 0x4c;
				_v96 = __ecx;
				_v24 = 0xffffffff;
				_v8 = 0;
				E004175C0(E00434050( &_v73));
				_v8 = 1;
				if(_a8 != 0xffffffff) {
					_v68 = GetDlgItem(_a4, _a8);
				} else {
					_v68 = _a4;
				}
				if(_v68 != 0) {
					_t89 = _a16;
					_t53 = E0049C190(_v96, _a16, _a12, _a16,  &_v64, 0, _a24);
					asm("sbb eax, eax");
					_v25 =  ~( ~_t53);
					if((_v25 & 0x000000ff) != 0) {
						if(_a20 == 0) {
							SendMessageW(_v68, 0x30, E0042E0E0(0x5c1160), 0);
						} else {
							SendMessageW(_v68, 0x30, _a20, 0);
						}
						_t58 = E00416A30( &_v60);
						_t89 = _v68;
						_v88 = SetWindowTextW(_v68, _t58);
						_v8 = 0;
						E004176E0();
						_t61 = _v88;
					} else {
						_v84 = 0;
						_v8 = 0;
						E004176E0();
						_t61 = _v84;
					}
				} else {
					_v80 = 0;
					_v8 = 0;
					E004176E0();
					_t61 = _v80;
				}
				 *[fs:0x0] = _v16;
				_pop(_t92);
				_pop(_t94);
				_pop(_t69);
				return E0044F6C8(_t61, _t69, _v32 ^ _t95, _t89, _t92, _t94);
			}






























                                                                                                                                                                                0x0049c543
                                                                                                                                                                                0x0049c545
                                                                                                                                                                                0x0049c550
                                                                                                                                                                                0x0049c551
                                                                                                                                                                                0x0049c555
                                                                                                                                                                                0x0049c55a
                                                                                                                                                                                0x0049c55c
                                                                                                                                                                                0x0049c562
                                                                                                                                                                                0x0049c566
                                                                                                                                                                                0x0049c56c
                                                                                                                                                                                0x0049c56f
                                                                                                                                                                                0x0049c572
                                                                                                                                                                                0x0049c579
                                                                                                                                                                                0x0049c58c
                                                                                                                                                                                0x0049c591
                                                                                                                                                                                0x0049c599
                                                                                                                                                                                0x0049c5b1
                                                                                                                                                                                0x0049c59b
                                                                                                                                                                                0x0049c59e
                                                                                                                                                                                0x0049c59e
                                                                                                                                                                                0x0049c5b8
                                                                                                                                                                                0x0049c5df
                                                                                                                                                                                0x0049c5ea
                                                                                                                                                                                0x0049c5f1
                                                                                                                                                                                0x0049c5f5
                                                                                                                                                                                0x0049c5fe
                                                                                                                                                                                0x0049c61f
                                                                                                                                                                                0x0049c648
                                                                                                                                                                                0x0049c621
                                                                                                                                                                                0x0049c62d
                                                                                                                                                                                0x0049c62d
                                                                                                                                                                                0x0049c651
                                                                                                                                                                                0x0049c657
                                                                                                                                                                                0x0049c661
                                                                                                                                                                                0x0049c664
                                                                                                                                                                                0x0049c66b
                                                                                                                                                                                0x0049c670
                                                                                                                                                                                0x0049c600
                                                                                                                                                                                0x0049c600
                                                                                                                                                                                0x0049c607
                                                                                                                                                                                0x0049c60e
                                                                                                                                                                                0x0049c613
                                                                                                                                                                                0x0049c613
                                                                                                                                                                                0x0049c5ba
                                                                                                                                                                                0x0049c5ba
                                                                                                                                                                                0x0049c5c1
                                                                                                                                                                                0x0049c5c8
                                                                                                                                                                                0x0049c5cd
                                                                                                                                                                                0x0049c5cd
                                                                                                                                                                                0x0049c6d5
                                                                                                                                                                                0x0049c6dd
                                                                                                                                                                                0x0049c6de
                                                                                                                                                                                0x0049c6df
                                                                                                                                                                                0x0049c6ed

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32 ref: 0049C5AB
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 0049C62D
                                                                                                                                                                                • SetWindowTextW.USER32(00000000,00000000), ref: 0049C65B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMessageSendTextWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1298124448-0
                                                                                                                                                                                • Opcode ID: 35563e210010ee52b99a4e29e7cb73aa0e751a07200715394e8ddf19d4e77c92
                                                                                                                                                                                • Instruction ID: 338f5d2a9ba86dcfa8496b688ed2e06dce44ce7ba2f11e37412eb35ce0c1dd2d
                                                                                                                                                                                • Opcode Fuzzy Hash: 35563e210010ee52b99a4e29e7cb73aa0e751a07200715394e8ddf19d4e77c92
                                                                                                                                                                                • Instruction Fuzzy Hash: 87415D70904249EFDF04DFA9D895BEEBBB4EB14314F10812EF412A7281DB785D05CBA4
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00465D42, Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E00465D42(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E00451A3C( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E00460ACA( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E00454477(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                                                                                                0x00465d4c
                                                                                                                                                                                0x00465d53
                                                                                                                                                                                0x00465d6a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465d5a
                                                                                                                                                                                0x00465d5c
                                                                                                                                                                                0x00465d76
                                                                                                                                                                                0x00465d7b
                                                                                                                                                                                0x00465d7e
                                                                                                                                                                                0x00465d81
                                                                                                                                                                                0x00465daa
                                                                                                                                                                                0x00465db1
                                                                                                                                                                                0x00465db3
                                                                                                                                                                                0x00465e34
                                                                                                                                                                                0x00465e4f
                                                                                                                                                                                0x00465e51
                                                                                                                                                                                0x00465d91
                                                                                                                                                                                0x00465d91
                                                                                                                                                                                0x00465d94
                                                                                                                                                                                0x00465d96
                                                                                                                                                                                0x00465d99
                                                                                                                                                                                0x00465d99
                                                                                                                                                                                0x00465d99
                                                                                                                                                                                0x00465d99
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465d9f
                                                                                                                                                                                0x00465e13
                                                                                                                                                                                0x00465e13
                                                                                                                                                                                0x00465e18
                                                                                                                                                                                0x00465e1e
                                                                                                                                                                                0x00465e21
                                                                                                                                                                                0x00465e23
                                                                                                                                                                                0x00465e26
                                                                                                                                                                                0x00465e26
                                                                                                                                                                                0x00465e26
                                                                                                                                                                                0x00465e26
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465e2a
                                                                                                                                                                                0x00465db5
                                                                                                                                                                                0x00465db8
                                                                                                                                                                                0x00465dbe
                                                                                                                                                                                0x00465dc1
                                                                                                                                                                                0x00465de8
                                                                                                                                                                                0x00465deb
                                                                                                                                                                                0x00465df1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465df3
                                                                                                                                                                                0x00465df6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465df8
                                                                                                                                                                                0x00465df8
                                                                                                                                                                                0x00465dfe
                                                                                                                                                                                0x00465e01
                                                                                                                                                                                0x00465d6f
                                                                                                                                                                                0x00465d6f
                                                                                                                                                                                0x00465e0a
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465e0a
                                                                                                                                                                                0x00465dc3
                                                                                                                                                                                0x00465dc6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465dca
                                                                                                                                                                                0x00465ddb
                                                                                                                                                                                0x00465de1
                                                                                                                                                                                0x00465de3
                                                                                                                                                                                0x00465de6
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465de6
                                                                                                                                                                                0x00465d83
                                                                                                                                                                                0x00465d86
                                                                                                                                                                                0x00465d88
                                                                                                                                                                                0x00465d8e
                                                                                                                                                                                0x00465d8e
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465d5e
                                                                                                                                                                                0x00465d5e
                                                                                                                                                                                0x00465d63
                                                                                                                                                                                0x00465d67
                                                                                                                                                                                0x00465d67
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00465d63
                                                                                                                                                                                0x00465d5c

                                                                                                                                                                                APIs
                                                                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00465D76
                                                                                                                                                                                • __isleadbyte_l.LIBCMT ref: 00465DAA
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00451924,?,00000000,00000000,?,?,?,?,00451924,00000000,?), ref: 00465DDB
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00451924,00000001,00000000,00000000,?,?,?,?,00451924,00000000,?), ref: 00465E49
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                                                                • Opcode ID: 842950bc1bb2c9001aa3cd0f0948e4b1baaeb719dfad5a9d203bdd58c7e87718
                                                                                                                                                                                • Instruction ID: 52dea748093019666df3ed059cbaa69503571aede2bbebb0e5ff6efe3d2f1e32
                                                                                                                                                                                • Opcode Fuzzy Hash: 842950bc1bb2c9001aa3cd0f0948e4b1baaeb719dfad5a9d203bdd58c7e87718
                                                                                                                                                                                • Instruction Fuzzy Hash: 4531A031A00656EFDF20DF64C888ABE3BB5EF01311F18856AE4A18B2E1E335DD51DB56
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041E630, Relevance: 6.1, APIs: 4, Instructions: 86COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E0041E630(void* __eflags) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				void* __ecx;
				signed int _t30;
				intOrPtr _t49;
				signed int _t72;
				void* _t73;

				_push(0xffffffff);
				_push(0x513830);
				_push( *[fs:0x0]);
				_push(_t49);
				_t30 =  *0x561244; // 0x554c9ad9
				_push(_t30 ^ _t72);
				 *[fs:0x0] =  &_v16;
				_v20 = _t73 - 0x18;
				_v44 = _t49;
				_v28 = E0041E7D0(_v44 + 1, 1);
				_v24 = 0;
				_v8 = 0;
				_v32 = 0;
				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
				_v24 = _v24 + 1;
				_v36 = 0;
				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
				_v24 = _v24 + 1;
				_v40 = 0;
				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
				_v8 = 0xffffffff;
				 *((char*)(E0041D720(_v28))) = 1;
				 *((char*)(E0041CEF0(_v28))) = 0;
				 *[fs:0x0] = _v16;
				return _v28;
			}

















                                                                                                                                                                                0x0041e633
                                                                                                                                                                                0x0041e635
                                                                                                                                                                                0x0041e640
                                                                                                                                                                                0x0041e641
                                                                                                                                                                                0x0041e648
                                                                                                                                                                                0x0041e64f
                                                                                                                                                                                0x0041e653
                                                                                                                                                                                0x0041e659
                                                                                                                                                                                0x0041e65c
                                                                                                                                                                                0x0041e66c
                                                                                                                                                                                0x0041e66f
                                                                                                                                                                                0x0041e676
                                                                                                                                                                                0x0041e67d
                                                                                                                                                                                0x0041e69b
                                                                                                                                                                                0x0041e6a6
                                                                                                                                                                                0x0041e6a9
                                                                                                                                                                                0x0041e6c7
                                                                                                                                                                                0x0041e6d2
                                                                                                                                                                                0x0041e6d5
                                                                                                                                                                                0x0041e6f3
                                                                                                                                                                                0x0041e75d
                                                                                                                                                                                0x0041e770
                                                                                                                                                                                0x0041e77f
                                                                                                                                                                                0x0041e788
                                                                                                                                                                                0x0041e796

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: 8ce642c58801f047890592d3ad38a4102074216498c831a93635b213d1046d24
                                                                                                                                                                                • Instruction ID: 3769a898c11e8c6f2bbe98c8fa6b9c4e404ce17e535a93d307b403eca069a5a8
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ce642c58801f047890592d3ad38a4102074216498c831a93635b213d1046d24
                                                                                                                                                                                • Instruction Fuzzy Hash: E9315EB5D001089FDB04DF99C852BEFBBB9EF48318F14051EE505A7381D7396940CBA6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0043A810, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E0043A810(void* __eflags) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				void* __ecx;
				signed int _t30;
				intOrPtr _t49;
				signed int _t72;
				void* _t73;

				_push(0xffffffff);
				_push(0x513490);
				_push( *[fs:0x0]);
				_push(_t49);
				_t30 =  *0x561244; // 0x554c9ad9
				_push(_t30 ^ _t72);
				 *[fs:0x0] =  &_v16;
				_v20 = _t73 - 0x18;
				_v44 = _t49;
				_v28 = E00433BF0(_v44 + 1, 1);
				_v24 = 0;
				_v8 = 0;
				_v32 = 0;
				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
				_v24 = _v24 + 1;
				_v36 = 0;
				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
				_v24 = _v24 + 1;
				_v40 = 0;
				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
				_v8 = 0xffffffff;
				 *((char*)(E00436BA0(_v28))) = 1;
				 *((char*)(E004271F0(_v28))) = 0;
				 *[fs:0x0] = _v16;
				return _v28;
			}

















                                                                                                                                                                                0x0043a813
                                                                                                                                                                                0x0043a815
                                                                                                                                                                                0x0043a820
                                                                                                                                                                                0x0043a821
                                                                                                                                                                                0x0043a828
                                                                                                                                                                                0x0043a82f
                                                                                                                                                                                0x0043a833
                                                                                                                                                                                0x0043a839
                                                                                                                                                                                0x0043a83c
                                                                                                                                                                                0x0043a84c
                                                                                                                                                                                0x0043a84f
                                                                                                                                                                                0x0043a856
                                                                                                                                                                                0x0043a85d
                                                                                                                                                                                0x0043a87b
                                                                                                                                                                                0x0043a886
                                                                                                                                                                                0x0043a889
                                                                                                                                                                                0x0043a8a7
                                                                                                                                                                                0x0043a8b2
                                                                                                                                                                                0x0043a8b5
                                                                                                                                                                                0x0043a8d3
                                                                                                                                                                                0x0043a93d
                                                                                                                                                                                0x0043a950
                                                                                                                                                                                0x0043a95f
                                                                                                                                                                                0x0043a968
                                                                                                                                                                                0x0043a976

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: 546a6a7146ac282cecb13664b6c39ebf8be5004f1d1b8b2efe67c34288c3041b
                                                                                                                                                                                • Instruction ID: 267eeca0b7a615dd3572bc71c368de8326a6248929799914903cc305de613933
                                                                                                                                                                                • Opcode Fuzzy Hash: 546a6a7146ac282cecb13664b6c39ebf8be5004f1d1b8b2efe67c34288c3041b
                                                                                                                                                                                • Instruction Fuzzy Hash: 51315CB1D002099FDB04DF99D852BEFBBB8EF48318F14051EE505A7382D7396A40CBA6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004218E0, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E004218E0(void* __eflags) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				void* __ecx;
				signed int _t30;
				intOrPtr _t49;
				signed int _t72;
				void* _t73;

				_push(0xffffffff);
				_push(0x5137c0);
				_push( *[fs:0x0]);
				_push(_t49);
				_t30 =  *0x561244; // 0x554c9ad9
				_push(_t30 ^ _t72);
				 *[fs:0x0] =  &_v16;
				_v20 = _t73 - 0x18;
				_v44 = _t49;
				_v28 = E00422100(_v44 + 1, 1);
				_v24 = 0;
				_v8 = 0;
				_v32 = 0;
				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
				_v24 = _v24 + 1;
				_v36 = 0;
				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
				_v24 = _v24 + 1;
				_v40 = 0;
				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
				_v8 = 0xffffffff;
				 *((char*)(E00421D90(_v28))) = 1;
				 *((char*)(E004210A0(_v28))) = 0;
				 *[fs:0x0] = _v16;
				return _v28;
			}

















                                                                                                                                                                                0x004218e3
                                                                                                                                                                                0x004218e5
                                                                                                                                                                                0x004218f0
                                                                                                                                                                                0x004218f1
                                                                                                                                                                                0x004218f8
                                                                                                                                                                                0x004218ff
                                                                                                                                                                                0x00421903
                                                                                                                                                                                0x00421909
                                                                                                                                                                                0x0042190c
                                                                                                                                                                                0x0042191c
                                                                                                                                                                                0x0042191f
                                                                                                                                                                                0x00421926
                                                                                                                                                                                0x0042192d
                                                                                                                                                                                0x0042194b
                                                                                                                                                                                0x00421956
                                                                                                                                                                                0x00421959
                                                                                                                                                                                0x00421977
                                                                                                                                                                                0x00421982
                                                                                                                                                                                0x00421985
                                                                                                                                                                                0x004219a3
                                                                                                                                                                                0x00421a0d
                                                                                                                                                                                0x00421a20
                                                                                                                                                                                0x00421a2f
                                                                                                                                                                                0x00421a38
                                                                                                                                                                                0x00421a46

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: a51f7e5378a0803056d5c623f8d65849aacbfa87ca64dff1ae1e2cf30a0d2efd
                                                                                                                                                                                • Instruction ID: 05f35079934cdba28f038054f1e2dc774b529e5327ec5f593cc00cef1487bd56
                                                                                                                                                                                • Opcode Fuzzy Hash: a51f7e5378a0803056d5c623f8d65849aacbfa87ca64dff1ae1e2cf30a0d2efd
                                                                                                                                                                                • Instruction Fuzzy Hash: A8312FB1D001099FDB04DF99D852BEFBBB8EF48318F14051EE505A7381D7796A44CBA6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00421A50, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E00421A50(void* __eflags) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				void* __ecx;
				signed int _t30;
				intOrPtr _t49;
				signed int _t72;
				void* _t73;

				_push(0xffffffff);
				_push(0x5137a0);
				_push( *[fs:0x0]);
				_push(_t49);
				_t30 =  *0x561244; // 0x554c9ad9
				_push(_t30 ^ _t72);
				 *[fs:0x0] =  &_v16;
				_v20 = _t73 - 0x18;
				_v44 = _t49;
				_v28 = E00421BC0(_v44 + 1, 1);
				_v24 = 0;
				_v8 = 0;
				_v32 = 0;
				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
				_v24 = _v24 + 1;
				_v36 = 0;
				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
				_v24 = _v24 + 1;
				_v40 = 0;
				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
				_v8 = 0xffffffff;
				 *((char*)(E00420150(_v28))) = 1;
				 *((char*)(E00420160(_v28))) = 0;
				 *[fs:0x0] = _v16;
				return _v28;
			}

















                                                                                                                                                                                0x00421a53
                                                                                                                                                                                0x00421a55
                                                                                                                                                                                0x00421a60
                                                                                                                                                                                0x00421a61
                                                                                                                                                                                0x00421a68
                                                                                                                                                                                0x00421a6f
                                                                                                                                                                                0x00421a73
                                                                                                                                                                                0x00421a79
                                                                                                                                                                                0x00421a7c
                                                                                                                                                                                0x00421a8c
                                                                                                                                                                                0x00421a8f
                                                                                                                                                                                0x00421a96
                                                                                                                                                                                0x00421a9d
                                                                                                                                                                                0x00421abb
                                                                                                                                                                                0x00421ac6
                                                                                                                                                                                0x00421ac9
                                                                                                                                                                                0x00421ae7
                                                                                                                                                                                0x00421af2
                                                                                                                                                                                0x00421af5
                                                                                                                                                                                0x00421b13
                                                                                                                                                                                0x00421b7d
                                                                                                                                                                                0x00421b90
                                                                                                                                                                                0x00421b9f
                                                                                                                                                                                0x00421ba8
                                                                                                                                                                                0x00421bb6

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: cac359c06f5b99315221439c5d973be7cbf478c8bda0a670c3a99057d80456fc
                                                                                                                                                                                • Instruction ID: ec76bf2b0cc585e738b8d3f54cdf3feb26d35ed437d4d6351af21d77caeb081f
                                                                                                                                                                                • Opcode Fuzzy Hash: cac359c06f5b99315221439c5d973be7cbf478c8bda0a670c3a99057d80456fc
                                                                                                                                                                                • Instruction Fuzzy Hash: 1B314DB1D001099FDB04DF99D852BEFBBB8EF48318F14051EE505A7382D73A6A44CBA6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00419D50, Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                                                			E00419D50(char* _a4, int _a8) {
				int _v8;
				char _v16;
				short* _v28;
				int _v32;
				char _v40;
				int _v44;
				short* _v48;
				int _v52;
				int _v56;
				short* _v60;
				signed int _t40;
				int _t43;
				short* _t48;
				signed int _t70;

				_push(0xffffffff);
				_push(0x513dc8);
				_push( *[fs:0x0]);
				_t40 =  *0x561244; // 0x554c9ad9
				_push(_t40 ^ _t70);
				 *[fs:0x0] =  &_v16;
				if(_a4 == 0 || _a8 == 0) {
					_t43 = 0;
				} else {
					_v32 = E00417320();
					E00413100( &_v40);
					_v8 = 0;
					_v48 = 0;
					_v44 = MultiByteToWideChar(_v32, 0, _a4, _a8, 0, 0);
					_t48 = _v44;
					_v28 = _t48;
					if(_a8 == 0xffffffff) {
						_v28 = _v28 - 1;
					}
					__imp__#4(0, _v28);
					_v48 = _t48;
					if(_v48 == 0) {
						L8:
						_v60 = _v48;
						_v8 = 0xffffffff;
						E00417350( &_v40);
						_t43 = _v60;
					} else {
						_v52 = MultiByteToWideChar(_v32, 0, _a4, _a8, _v48, _v44);
						if(_v52 == _v44) {
							goto L8;
						} else {
							__imp__#6(_v48);
							_v56 = 0;
							_v8 = 0xffffffff;
							E00417350( &_v40);
							_t43 = _v56;
						}
					}
				}
				 *[fs:0x0] = _v16;
				return _t43;
			}

















                                                                                                                                                                                0x00419d53
                                                                                                                                                                                0x00419d55
                                                                                                                                                                                0x00419d60
                                                                                                                                                                                0x00419d64
                                                                                                                                                                                0x00419d6b
                                                                                                                                                                                0x00419d6f
                                                                                                                                                                                0x00419d79
                                                                                                                                                                                0x00419d81
                                                                                                                                                                                0x00419d88
                                                                                                                                                                                0x00419d8d
                                                                                                                                                                                0x00419d93
                                                                                                                                                                                0x00419d98
                                                                                                                                                                                0x00419d9f
                                                                                                                                                                                0x00419dbe
                                                                                                                                                                                0x00419dc1
                                                                                                                                                                                0x00419dc4
                                                                                                                                                                                0x00419dcb
                                                                                                                                                                                0x00419dd3
                                                                                                                                                                                0x00419dd3
                                                                                                                                                                                0x00419ddc
                                                                                                                                                                                0x00419de2
                                                                                                                                                                                0x00419de9
                                                                                                                                                                                0x00419e37
                                                                                                                                                                                0x00419e3a
                                                                                                                                                                                0x00419e3d
                                                                                                                                                                                0x00419e47
                                                                                                                                                                                0x00419e4c
                                                                                                                                                                                0x00419deb
                                                                                                                                                                                0x00419e07
                                                                                                                                                                                0x00419e10
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00419e12
                                                                                                                                                                                0x00419e16
                                                                                                                                                                                0x00419e1c
                                                                                                                                                                                0x00419e23
                                                                                                                                                                                0x00419e2d
                                                                                                                                                                                0x00419e32
                                                                                                                                                                                0x00419e32
                                                                                                                                                                                0x00419e10
                                                                                                                                                                                0x00419de9
                                                                                                                                                                                0x00419e52
                                                                                                                                                                                0x00419e5d

                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,554C9AD9), ref: 00419DB8
                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,000000FF), ref: 00419DDC
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,000000FF), ref: 00419E01
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00419E16
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 447844807-0
                                                                                                                                                                                • Opcode ID: c8b932e8dd3b0843b89be5497f9439bbe8ea484dff45ff3cb6e23b36c1336f1f
                                                                                                                                                                                • Instruction ID: 5e98daa09e5da11dd0cbceeb89d3eba70e89bc9115de2a4c1e012f7c7e63a4c1
                                                                                                                                                                                • Opcode Fuzzy Hash: c8b932e8dd3b0843b89be5497f9439bbe8ea484dff45ff3cb6e23b36c1336f1f
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B31E971D00208EFDB04DFA9D995BEEBBB4EB48720F108619F925A7280D7356A85CF94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00408F50, Relevance: 6.1, APIs: 4, Instructions: 86COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                			E00408F50(void* __eflags) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				void* __ecx;
				signed int _t30;
				intOrPtr _t49;
				signed int _t72;
				void* _t73;

				_push(0xffffffff);
				_push(0x513a90);
				_push( *[fs:0x0]);
				_push(_t49);
				_t30 =  *0x561244; // 0x554c9ad9
				_push(_t30 ^ _t72);
				 *[fs:0x0] =  &_v16;
				_v20 = _t73 - 0x18;
				_v44 = _t49;
				_v28 = E00409480(_v44 + 1, 1);
				_v24 = 0;
				_v8 = 0;
				_v32 = 0;
				E0041EB00(_v44 + 2, E00415110(_v28),  &_v32);
				_v24 = _v24 + 1;
				_v36 = 0;
				E0041EB00(_v44 + 2, E0042AE30(_v28),  &_v36);
				_v24 = _v24 + 1;
				_v40 = 0;
				E0041EB00(_v44 + 2, E00441910(_v28),  &_v40);
				_v8 = 0xffffffff;
				 *((char*)(E00409110(_v28))) = 1;
				 *((char*)(E00408710(_v28))) = 0;
				 *[fs:0x0] = _v16;
				return _v28;
			}

















                                                                                                                                                                                0x00408f53
                                                                                                                                                                                0x00408f55
                                                                                                                                                                                0x00408f60
                                                                                                                                                                                0x00408f61
                                                                                                                                                                                0x00408f68
                                                                                                                                                                                0x00408f6f
                                                                                                                                                                                0x00408f73
                                                                                                                                                                                0x00408f79
                                                                                                                                                                                0x00408f7c
                                                                                                                                                                                0x00408f8c
                                                                                                                                                                                0x00408f8f
                                                                                                                                                                                0x00408f96
                                                                                                                                                                                0x00408f9d
                                                                                                                                                                                0x00408fbb
                                                                                                                                                                                0x00408fc6
                                                                                                                                                                                0x00408fc9
                                                                                                                                                                                0x00408fe7
                                                                                                                                                                                0x00408ff2
                                                                                                                                                                                0x00408ff5
                                                                                                                                                                                0x00409013
                                                                                                                                                                                0x0040907d
                                                                                                                                                                                0x00409090
                                                                                                                                                                                0x0040909f
                                                                                                                                                                                0x004090a8
                                                                                                                                                                                0x004090b6

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: 183301c742978be363bb8f1ab9b5ad5b5f802a6ff89599c1fb827626f1d6cb57
                                                                                                                                                                                • Instruction ID: d27aea2102528378556eafdc0d2e7e9f5c29ea9e3cc09582983b0eac876c7694
                                                                                                                                                                                • Opcode Fuzzy Hash: 183301c742978be363bb8f1ab9b5ad5b5f802a6ff89599c1fb827626f1d6cb57
                                                                                                                                                                                • Instruction Fuzzy Hash: 22310BB1D001099BDB04DF99D852BEFBBB8EF48318F14052EE505B7282D7396A44CBA6
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00422B60, Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                			E00422B60(void* __eflags, char _a4, char _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* __ecx;
				signed int _t25;
				intOrPtr _t41;
				signed int _t62;
				void* _t63;

				_push(0xffffffff);
				_push(0x5182e0);
				_push( *[fs:0x0]);
				_push(_t41);
				_t25 =  *0x561244; // 0x554c9ad9
				_push(_t25 ^ _t62);
				 *[fs:0x0] =  &_v16;
				_v20 = _t63 - 0xc;
				_v32 = _t41;
				_v28 = E00422D30(_v32, 1);
				_v24 = 0;
				_v8 = 0;
				E0041EB00(_v32 + 1, E00415110(_v28),  &_a4);
				_v24 = _v24 + 1;
				E0041EB00(_v32 + 1, E0042AE30(_v28),  &_a8);
				_v24 = _v24 + 1;
				E00422D70(_v32 + 2, E00441910(_v28), _a12);
				_v8 = 0xffffffff;
				 *[fs:0x0] = _v16;
				return _v28;
			}














                                                                                                                                                                                0x00422b63
                                                                                                                                                                                0x00422b65
                                                                                                                                                                                0x00422b70
                                                                                                                                                                                0x00422b71
                                                                                                                                                                                0x00422b78
                                                                                                                                                                                0x00422b7f
                                                                                                                                                                                0x00422b83
                                                                                                                                                                                0x00422b89
                                                                                                                                                                                0x00422b8c
                                                                                                                                                                                0x00422b99
                                                                                                                                                                                0x00422b9c
                                                                                                                                                                                0x00422ba3
                                                                                                                                                                                0x00422bc1
                                                                                                                                                                                0x00422bcc
                                                                                                                                                                                0x00422be6
                                                                                                                                                                                0x00422bf1
                                                                                                                                                                                0x00422c0b
                                                                                                                                                                                0x00422c72
                                                                                                                                                                                0x00422c7f
                                                                                                                                                                                0x00422c8d

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: allocator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3447690668-0
                                                                                                                                                                                • Opcode ID: b6545de2f7bb57edffc094cb94e14e572292e9e9844fe40a7b740aeed0028dc7
                                                                                                                                                                                • Instruction ID: a4b0708774b16f10b9a70ec2a5b46f27dd21e2dd8c1498d4e535dd292540d1e2
                                                                                                                                                                                • Opcode Fuzzy Hash: b6545de2f7bb57edffc094cb94e14e572292e9e9844fe40a7b740aeed0028dc7
                                                                                                                                                                                • Instruction Fuzzy Hash: 94216DB1E00109AFCB04DF99D852BEFB7B8FB44318F10462EE515A7381D6396A05CBA5
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00496850, Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SafeArrayDestroy.OLEAUT32 ref: 00496867
                                                                                                                                                                                • SafeArrayCreate.OLEAUT32(00000000,00000001,00000000), ref: 004968A6
                                                                                                                                                                                • SafeArrayLock.OLEAUT32(00000000), ref: 004968CB
                                                                                                                                                                                • SafeArrayUnlock.OLEAUT32(00000000), ref: 004968FF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ArraySafe$CreateDestroyLockUnlock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2416500753-0
                                                                                                                                                                                • Opcode ID: 777d77ee4ad11ff50700f991434bcc46e04ff0b75a31c979a6979b00de7a2f9e
                                                                                                                                                                                • Instruction ID: 92761eab0e97011eb67d24bdfacb91ac975fb1fd29a295b39c674a0cf9b6101b
                                                                                                                                                                                • Opcode Fuzzy Hash: 777d77ee4ad11ff50700f991434bcc46e04ff0b75a31c979a6979b00de7a2f9e
                                                                                                                                                                                • Instruction Fuzzy Hash: 3C31A0B8A00208EFDB04DF94C484B9EFBB5FB49304F10C5AAE8259B344C739AA85CB54
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0045B06B, Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                			E0045B06B(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x544598);
				E00456860(__ebx, __edi, __esi);
				_t28 = E00457400(__ebx, __edx, __edi, _t30);
				_t13 =  *0x56195c; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E00457DFC(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x561a40; // 0x561968
					 *((intOrPtr*)(_t29 - 0x1c)) = E0045B02D(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E0045B0D5();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00457400(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E00457948(_t25, _t26, 0x20);
				}
				return E004568A5(_t28);
			}







                                                                                                                                                                                0x0045b06b
                                                                                                                                                                                0x0045b06b
                                                                                                                                                                                0x0045b06b
                                                                                                                                                                                0x0045b06b
                                                                                                                                                                                0x0045b06b
                                                                                                                                                                                0x0045b06d
                                                                                                                                                                                0x0045b072
                                                                                                                                                                                0x0045b07c
                                                                                                                                                                                0x0045b07e
                                                                                                                                                                                0x0045b086
                                                                                                                                                                                0x0045b0aa
                                                                                                                                                                                0x0045b0ac
                                                                                                                                                                                0x0045b0b2
                                                                                                                                                                                0x0045b0b6
                                                                                                                                                                                0x0045b0b9
                                                                                                                                                                                0x0045b0c4
                                                                                                                                                                                0x0045b0c7
                                                                                                                                                                                0x0045b0ce
                                                                                                                                                                                0x0045b088
                                                                                                                                                                                0x0045b088
                                                                                                                                                                                0x0045b08c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0045b08e
                                                                                                                                                                                0x0045b093
                                                                                                                                                                                0x0045b093
                                                                                                                                                                                0x0045b08c
                                                                                                                                                                                0x0045b098
                                                                                                                                                                                0x0045b09c
                                                                                                                                                                                0x0045b0a1
                                                                                                                                                                                0x0045b0a9

                                                                                                                                                                                APIs
                                                                                                                                                                                • __getptd.LIBCMT ref: 0045B077
                                                                                                                                                                                  • Part of subcall function 00457400: __getptd_noexit.LIBCMT ref: 00457403
                                                                                                                                                                                  • Part of subcall function 00457400: __amsg_exit.LIBCMT ref: 00457410
                                                                                                                                                                                • __getptd.LIBCMT ref: 0045B08E
                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 0045B09C
                                                                                                                                                                                • __lock.LIBCMT ref: 0045B0AC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3521780317-0
                                                                                                                                                                                • Opcode ID: 900689175a814712c8bda9ebad6ca019b4626c4ef11eaf7f3bb20ddfba0632f0
                                                                                                                                                                                • Instruction ID: cf4d89301f3c682c8d0dc1743faf2835190ae46168d4196da046f649daa6c5b0
                                                                                                                                                                                • Opcode Fuzzy Hash: 900689175a814712c8bda9ebad6ca019b4626c4ef11eaf7f3bb20ddfba0632f0
                                                                                                                                                                                • Instruction Fuzzy Hash: 85F06D319416048BD721BB6AD4027AF73A0AF00B2AF51451FEC609B2D3CB7C980D9A9A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041E590, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E0041E590(intOrPtr __ecx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr* _t21;

				_push(__ecx);
				_v8 = __ecx;
				E0041EA20(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
				 *((intOrPtr*)(_v8 + 8)) = 0;
				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
				_t21 = E00433720(_v8);
				 *_t21 =  *((intOrPtr*)(_v8 + 4));
				return _t21;
			}





                                                                                                                                                                                0x0041e593
                                                                                                                                                                                0x0041e594
                                                                                                                                                                                0x0041e5a5
                                                                                                                                                                                0x0041e5b8
                                                                                                                                                                                0x0041e5bd
                                                                                                                                                                                0x0041e5d2
                                                                                                                                                                                0x0041e5d7
                                                                                                                                                                                0x0041e5e2
                                                                                                                                                                                0x0041e5e7

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2519475695-0
                                                                                                                                                                                • Opcode ID: 2178110c97017f37eb87d8c9e6f3738af049dcf08290f1205e57e1a0d3705f4f
                                                                                                                                                                                • Instruction ID: affb03b290b1aa2b73d149a340fe72a2a10df3c9f816c2c17cb8d834609de070
                                                                                                                                                                                • Opcode Fuzzy Hash: 2178110c97017f37eb87d8c9e6f3738af049dcf08290f1205e57e1a0d3705f4f
                                                                                                                                                                                • Instruction Fuzzy Hash: AAF04C74A00108EFC708DF95D69299DB7F6EF89304B2181EDD4095B365DB35AF01DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00421880, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E00421880(intOrPtr __ecx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr* _t21;

				_push(__ecx);
				_v8 = __ecx;
				E00421DA0(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
				 *((intOrPtr*)(_v8 + 8)) = 0;
				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
				_t21 = E00433720(_v8);
				 *_t21 =  *((intOrPtr*)(_v8 + 4));
				return _t21;
			}





                                                                                                                                                                                0x00421883
                                                                                                                                                                                0x00421884
                                                                                                                                                                                0x00421895
                                                                                                                                                                                0x004218a8
                                                                                                                                                                                0x004218ad
                                                                                                                                                                                0x004218c2
                                                                                                                                                                                0x004218c7
                                                                                                                                                                                0x004218d2
                                                                                                                                                                                0x004218d7

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2519475695-0
                                                                                                                                                                                • Opcode ID: 77c2a6123a5c4162045a07c778d73c785a649a9c5d2f507694f46f5a09e040ea
                                                                                                                                                                                • Instruction ID: 20c62e239c44e157093105c07a3df5977072132efcbc44a26de87df081af60f6
                                                                                                                                                                                • Opcode Fuzzy Hash: 77c2a6123a5c4162045a07c778d73c785a649a9c5d2f507694f46f5a09e040ea
                                                                                                                                                                                • Instruction Fuzzy Hash: E9F09774A00108EFCB08DF85D69299EB7F6EF89308B2081EDE4095B361CB35AF01DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0043BB40, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E0043BB40(intOrPtr __ecx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr* _t21;

				_push(__ecx);
				_v8 = __ecx;
				E0043BDD0(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
				 *((intOrPtr*)(_v8 + 8)) = 0;
				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
				_t21 = E00433720(_v8);
				 *_t21 =  *((intOrPtr*)(_v8 + 4));
				return _t21;
			}





                                                                                                                                                                                0x0043bb43
                                                                                                                                                                                0x0043bb44
                                                                                                                                                                                0x0043bb55
                                                                                                                                                                                0x0043bb68
                                                                                                                                                                                0x0043bb6d
                                                                                                                                                                                0x0043bb82
                                                                                                                                                                                0x0043bb87
                                                                                                                                                                                0x0043bb92
                                                                                                                                                                                0x0043bb97

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2519475695-0
                                                                                                                                                                                • Opcode ID: d61e40b3ab140962dc54a35959aec621d71b70ce22b9f05a6b6e4c174653fd73
                                                                                                                                                                                • Instruction ID: bede86a7c527bf71af5b54a7d38cf01d07793778824e641ca2ebc1a4e5ffed0c
                                                                                                                                                                                • Opcode Fuzzy Hash: d61e40b3ab140962dc54a35959aec621d71b70ce22b9f05a6b6e4c174653fd73
                                                                                                                                                                                • Instruction Fuzzy Hash: 04F03474A00108EFCB08DF95D69299EB7B6EF89308F2181ADE4095B365DB35AF01DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0041FDB0, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E0041FDB0(intOrPtr __ecx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr* _t21;

				_push(__ecx);
				_v8 = __ecx;
				E00420210(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
				 *((intOrPtr*)(_v8 + 8)) = 0;
				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
				_t21 = E00433720(_v8);
				 *_t21 =  *((intOrPtr*)(_v8 + 4));
				return _t21;
			}





                                                                                                                                                                                0x0041fdb3
                                                                                                                                                                                0x0041fdb4
                                                                                                                                                                                0x0041fdc5
                                                                                                                                                                                0x0041fdd8
                                                                                                                                                                                0x0041fddd
                                                                                                                                                                                0x0041fdf2
                                                                                                                                                                                0x0041fdf7
                                                                                                                                                                                0x0041fe02
                                                                                                                                                                                0x0041fe07

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2519475695-0
                                                                                                                                                                                • Opcode ID: b09d8c182e7baa18f3921ea0d51b61e6a8fe6aa702b685056a05800423826f4c
                                                                                                                                                                                • Instruction ID: fbd9ff186e58c51dc107a68727a9d9793a67c5f80205da66d1e4463b3b109a50
                                                                                                                                                                                • Opcode Fuzzy Hash: b09d8c182e7baa18f3921ea0d51b61e6a8fe6aa702b685056a05800423826f4c
                                                                                                                                                                                • Instruction Fuzzy Hash: 2EF07974A00108EFC708DF85D69295DB7F5AF89304B2081EDD4095B361CB35AF01DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00408EF0, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E00408EF0(intOrPtr __ecx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr* _t21;

				_push(__ecx);
				_v8 = __ecx;
				E00409120(_v8, __eflags,  *((intOrPtr*)(E0041D410(_v8))));
				 *((intOrPtr*)(E0041D410(_v8))) =  *((intOrPtr*)(_v8 + 4));
				 *((intOrPtr*)(_v8 + 8)) = 0;
				 *((intOrPtr*)(E00433680(_v8))) =  *((intOrPtr*)(_v8 + 4));
				_t21 = E00433720(_v8);
				 *_t21 =  *((intOrPtr*)(_v8 + 4));
				return _t21;
			}





                                                                                                                                                                                0x00408ef3
                                                                                                                                                                                0x00408ef4
                                                                                                                                                                                0x00408f05
                                                                                                                                                                                0x00408f18
                                                                                                                                                                                0x00408f1d
                                                                                                                                                                                0x00408f32
                                                                                                                                                                                0x00408f37
                                                                                                                                                                                0x00408f42
                                                                                                                                                                                0x00408f47

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2519475695-0
                                                                                                                                                                                • Opcode ID: 440d436155544bdce126e099541bc9f9b1c1a964b5ec4327e277697f2254fd46
                                                                                                                                                                                • Instruction ID: eb08f18632993118ca8a3c89ccbe7ac1e294b481177aceddd8f570f870356ca5
                                                                                                                                                                                • Opcode Fuzzy Hash: 440d436155544bdce126e099541bc9f9b1c1a964b5ec4327e277697f2254fd46
                                                                                                                                                                                • Instruction Fuzzy Hash: C7F04C74A00108EFCB08DF95D69295DB7F5EF89304B2181EDD4095B365DB35AF01DB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040C210, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                			E0040C210(struct HWND__* __ecx, signed int _a4, signed int _a8, long _a12, intOrPtr* _a16) {
				struct HWND__* _v8;
				long _v12;
				long _v16;
				char _v20;
				char _v24;
				char _v28;
				struct HWND__* _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;

				_v32 = __ecx;
				_v8 = 0;
				_v36 = _a4;
				if(_v36 > 0x39) {
					if(_v36 > 0x115) {
						if(_v36 < 0x132) {
							L35:
							if(_v8 != 0) {
								if(( *(_v32 + 0x98) >> 0x00000003 & 0x00000001) == 0) {
									return SendMessageW(_v8, _a4 + 0x2000, _a8, _a12);
								}
								_v20 = 0;
								if(( *(_v32 + 0x98) & 0x00000001) != 0 && E0041D530(_v32 + 0x74) != 0) {
									_v44 = E0041D530(_v32 + 0x74);
									 *((intOrPtr*)( *((intOrPtr*)( *_v44 + 0x24))))(_v44, _a4 + 0x2000, _a8, _a12,  &_v20);
								}
								return _v20;
							}
							 *_a16 = 0;
							return 1;
						}
						if(_v36 <= 0x138) {
							_v8 = _a12;
							goto L35;
						}
						if(_v36 == 0x210) {
							E0040C190(_v32);
							_v40 = _a8 & 0xffff;
							if(_v40 <= 0) {
								L21:
								_v8 = E0041D530(E0040C1E0(_v32 + 4,  &_v24, _a8 >> 0x00000010 & 0xffff));
								L22:
								goto L35;
							}
							if(_v40 <= 2) {
								_v8 = _a12;
								goto L22;
							}
							goto L21;
						}
						goto L35;
					}
					if(_v36 >= 0x114) {
						L33:
						_v8 = _a12;
					} else {
						if(_v36 == 0x4e) {
							_v8 =  *_a12;
						} else {
							if(_v36 == 0x111) {
								if(_a12 != 0) {
									_v8 = _a12;
								}
							}
						}
					}
					goto L35;
				}
				if(_v36 == 0x39) {
					_v8 =  *((intOrPtr*)(_a12 + 8));
					goto L35;
				}
				_v36 = _v36 - 0x2b;
				if(_v36 > 4) {
					goto L35;
				}
				switch( *((intOrPtr*)(_v36 * 4 +  &M0040C44C))) {
					case 0:
						__eax = _a12;
						_v12 = _a12;
						__ecx = _v12;
						if(__ecx->i == 1) {
							__ecx = _v12;
							__edx =  *(__ecx + 0x14);
							if(IsWindow( *(__ecx + 0x14)) != 0) {
								__eax = _v12;
								__ecx =  *(_v12 + 0x14);
								_v8 = __ecx;
							}
						} else {
							__edx = _v12;
							__eax =  *(__edx + 0x14);
							_v8 =  *(__edx + 0x14);
						}
						goto L35;
					case 1:
						__edx = _a12;
						_v16 = _a12;
						__eax = _v16;
						if( *_v16 != 1) {
							__ecx = _v16;
							__edx =  *(_v16 + 4);
							__eax =  &_v28;
							__ecx = _v32;
							__ecx = _v32 + 4;
							__ecx = E0040C1E0(_v32 + 4,  &_v28,  *(_v16 + 4));
							_v8 = E0041D530(__ecx);
						}
						goto L35;
					case 2:
						__eax = _a12;
						__ecx =  *(_a12 + 0xc);
						_v8 = __ecx;
						goto L35;
					case 3:
						goto L33;
				}
			}













                                                                                                                                                                                0x0040c216
                                                                                                                                                                                0x0040c219
                                                                                                                                                                                0x0040c223
                                                                                                                                                                                0x0040c22a
                                                                                                                                                                                0x0040c25a
                                                                                                                                                                                0x0040c284
                                                                                                                                                                                0x0040c3a5
                                                                                                                                                                                0x0040c3a9
                                                                                                                                                                                0x0040c3cd
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c43f
                                                                                                                                                                                0x0040c3cf
                                                                                                                                                                                0x0040c3e2
                                                                                                                                                                                0x0040c3fe
                                                                                                                                                                                0x0040c422
                                                                                                                                                                                0x0040c422
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c424
                                                                                                                                                                                0x0040c3ae
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c3b4
                                                                                                                                                                                0x0040c291
                                                                                                                                                                                0x0040c3a2
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c3a2
                                                                                                                                                                                0x0040c29e
                                                                                                                                                                                0x0040c2c6
                                                                                                                                                                                0x0040c2d6
                                                                                                                                                                                0x0040c2dd
                                                                                                                                                                                0x0040c2ef
                                                                                                                                                                                0x0040c314
                                                                                                                                                                                0x0040c317
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c317
                                                                                                                                                                                0x0040c2e3
                                                                                                                                                                                0x0040c2ea
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c2ea
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c2e5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c2a0
                                                                                                                                                                                0x0040c263
                                                                                                                                                                                0x0040c397
                                                                                                                                                                                0x0040c39a
                                                                                                                                                                                0x0040c269
                                                                                                                                                                                0x0040c26d
                                                                                                                                                                                0x0040c2bb
                                                                                                                                                                                0x0040c26f
                                                                                                                                                                                0x0040c276
                                                                                                                                                                                0x0040c2a9
                                                                                                                                                                                0x0040c2ae
                                                                                                                                                                                0x0040c2ae
                                                                                                                                                                                0x0040c2b1
                                                                                                                                                                                0x0040c276
                                                                                                                                                                                0x0040c26d
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c263
                                                                                                                                                                                0x0040c230
                                                                                                                                                                                0x0040c387
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c387
                                                                                                                                                                                0x0040c23c
                                                                                                                                                                                0x0040c243
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c24c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c31c
                                                                                                                                                                                0x0040c31f
                                                                                                                                                                                0x0040c322
                                                                                                                                                                                0x0040c328
                                                                                                                                                                                0x0040c335
                                                                                                                                                                                0x0040c338
                                                                                                                                                                                0x0040c344
                                                                                                                                                                                0x0040c346
                                                                                                                                                                                0x0040c349
                                                                                                                                                                                0x0040c34c
                                                                                                                                                                                0x0040c34c
                                                                                                                                                                                0x0040c32a
                                                                                                                                                                                0x0040c32a
                                                                                                                                                                                0x0040c32d
                                                                                                                                                                                0x0040c330
                                                                                                                                                                                0x0040c330
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c351
                                                                                                                                                                                0x0040c354
                                                                                                                                                                                0x0040c357
                                                                                                                                                                                0x0040c35d
                                                                                                                                                                                0x0040c35f
                                                                                                                                                                                0x0040c362
                                                                                                                                                                                0x0040c366
                                                                                                                                                                                0x0040c36a
                                                                                                                                                                                0x0040c36d
                                                                                                                                                                                0x0040c375
                                                                                                                                                                                0x0040c37c
                                                                                                                                                                                0x0040c37c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0040c38c
                                                                                                                                                                                0x0040c38f
                                                                                                                                                                                0x0040c392
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(00000000,?,?,?), ref: 0040C43F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID: N
                                                                                                                                                                                • API String ID: 3850602802-1130791706
                                                                                                                                                                                • Opcode ID: 7f2c5bcd31de584d4d0be3587bf2bf2be01db85bb1ee8956a34027b5554130ec
                                                                                                                                                                                • Instruction ID: a8dd4be5facf2ee9d7f11e99f2b5bce13c937c67a52612d1dba8838cde38d3c2
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f2c5bcd31de584d4d0be3587bf2bf2be01db85bb1ee8956a34027b5554130ec
                                                                                                                                                                                • Instruction Fuzzy Hash: 1471D9B4910209DFDF18DF98C994AEEB7B1BF48304F24826EE811B7381D7389951DB69
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F72A0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E004F72A0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				struct HWND__* _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v52;
				signed int _v53;
				char _v54;
				char _v84;
				struct HWND__* _v88;
				struct HWND__* _v92;
				struct HWND__* _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _t38;
				signed int _t39;
				signed int _t44;
				struct HWND__* _t46;
				signed int _t48;
				intOrPtr _t61;
				intOrPtr _t81;
				intOrPtr _t82;
				signed int _t83;

				_t82 = __esi;
				_t81 = __edi;
				_t78 = __edx;
				_t61 = __ebx;
				_push(0xffffffff);
				_push(0x5106dc);
				_push( *[fs:0x0]);
				_t38 =  *0x561244; // 0x554c9ad9
				_t39 = _t38 ^ _t83;
				_v20 = _t39;
				_push(_t39);
				 *[fs:0x0] =  &_v16;
				if(_a4 != 0) {
					E004175C0(E00434050( &_v54));
					_v8 = 0;
					_t44 = E004F6FA0(__eflags, _a4,  &_v52);
					__eflags = _t44;
					if(_t44 != 0) {
						_v92 = 1;
						_v8 = 0xffffffff;
						E004176E0();
						_t46 = _v92;
					} else {
						_t48 = E004C5660(0x54, 0);
						asm("sbb eax, eax");
						_v53 =  ~( ~_t48);
						__eflags = _v53 & 0x000000ff;
						if((_v53 & 0x000000ff) != 0) {
							MessageBoxW(0, E00416A30( &_v48), L"JSError", 0x30);
						}
						__eflags =  &_v52;
						if( &_v52 == 0) {
							_v96 = 0;
						} else {
							_v96 =  &_v52 + 4;
						}
						_v100 = E00409760( &_v84, L"JSError: ", _v96);
						_v104 = _v100;
						_v8 = 1;
						_t78 = _v104;
						E00409880( &_v52, __eflags, _v104);
						_v8 = 0;
						E004178C0( &_v84);
						E004162C0(0xc0b50001, E00416A30( &_v48));
						_v88 = 0;
						_v8 = 0xffffffff;
						E004176E0();
						_t46 = _v88;
					}
				} else {
					_t46 = 0x80070057;
				}
				 *[fs:0x0] = _v16;
				return E0044F6C8(_t46, _t61, _v20 ^ _t83, _t78, _t81, _t82);
			}

























                                                                                                                                                                                0x004f72a0
                                                                                                                                                                                0x004f72a0
                                                                                                                                                                                0x004f72a0
                                                                                                                                                                                0x004f72a0
                                                                                                                                                                                0x004f72a3
                                                                                                                                                                                0x004f72a5
                                                                                                                                                                                0x004f72b0
                                                                                                                                                                                0x004f72b4
                                                                                                                                                                                0x004f72b9
                                                                                                                                                                                0x004f72bb
                                                                                                                                                                                0x004f72be
                                                                                                                                                                                0x004f72c2
                                                                                                                                                                                0x004f72cc
                                                                                                                                                                                0x004f72e4
                                                                                                                                                                                0x004f72e9
                                                                                                                                                                                0x004f72f8
                                                                                                                                                                                0x004f7300
                                                                                                                                                                                0x004f7302
                                                                                                                                                                                0x004f73c1
                                                                                                                                                                                0x004f73c8
                                                                                                                                                                                0x004f73d2
                                                                                                                                                                                0x004f73d7
                                                                                                                                                                                0x004f7308
                                                                                                                                                                                0x004f730c
                                                                                                                                                                                0x004f7316
                                                                                                                                                                                0x004f731a
                                                                                                                                                                                0x004f7321
                                                                                                                                                                                0x004f7323
                                                                                                                                                                                0x004f7337
                                                                                                                                                                                0x004f7337
                                                                                                                                                                                0x004f7340
                                                                                                                                                                                0x004f7342
                                                                                                                                                                                0x004f734f
                                                                                                                                                                                0x004f7344
                                                                                                                                                                                0x004f734a
                                                                                                                                                                                0x004f734a
                                                                                                                                                                                0x004f736b
                                                                                                                                                                                0x004f7371
                                                                                                                                                                                0x004f7374
                                                                                                                                                                                0x004f7378
                                                                                                                                                                                0x004f737f
                                                                                                                                                                                0x004f7384
                                                                                                                                                                                0x004f738b
                                                                                                                                                                                0x004f739e
                                                                                                                                                                                0x004f73a6
                                                                                                                                                                                0x004f73ad
                                                                                                                                                                                0x004f73b7
                                                                                                                                                                                0x004f73bc
                                                                                                                                                                                0x004f73bc
                                                                                                                                                                                0x004f72ce
                                                                                                                                                                                0x004f72ce
                                                                                                                                                                                0x004f72ce
                                                                                                                                                                                0x004f73dd
                                                                                                                                                                                0x004f73f2

                                                                                                                                                                                APIs
                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000000,JSError,00000030), ref: 004F7337
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                • String ID: JSError$JSError:
                                                                                                                                                                                • API String ID: 2030045667-3168168555
                                                                                                                                                                                • Opcode ID: 42e742ffd9a1536f2d14c755325dd20dc25cb919ebf6b0812c9d4b6b4316db29
                                                                                                                                                                                • Instruction ID: cf006f8e730ff20441fb699ad4947263adb02b852262e9c3252fa3747a375cb8
                                                                                                                                                                                • Opcode Fuzzy Hash: 42e742ffd9a1536f2d14c755325dd20dc25cb919ebf6b0812c9d4b6b4316db29
                                                                                                                                                                                • Instruction Fuzzy Hash: 15416C70D1425CEBDB04DFE5DD41BEEB7B4AF10714F10812EE916AB281EB786A08CB58
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004142F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                			E004142F0(struct HMENU__* __ecx, struct HWND__* _a4, char _a8, WCHAR* _a12, signed int _a16, long _a20, struct HMENU__* _a24, signed int _a28, void* _a32) {
				struct HWND__* _v8;
				intOrPtr _v12;
				struct HMENU__* _v16;
				struct HINSTANCE__* _t37;

				_v16 = __ecx;
				do {
				} while (0 != 0 || 0 != 0);
				_v12 = E00416FC0(_v16 + 8, 0, 0);
				if(_v12 != 0) {
					if((_a28 & 0x0000ffff) != 0) {
						E004142D0(0x5bc84c, _v16 + 8, _v16);
						if(_a24 == 0 && (_a16 & 0x40000000) != 0) {
							_a24 = _v16;
						}
						if(_a8 == 0) {
							_a8 = 0x563b60;
						}
						_t37 = E004150F0(0x5bc878);
						_t17 =  &_a8; // 0x563b60
						_t18 =  &_a8; // 0x563b60
						_t21 =  &_a8; // 0x563b60
						_t22 =  &_a8; // 0x563b60
						_t24 =  &_a8; // 0x563b60
						_t26 =  &_a8; // 0x563b60
						_v8 = CreateWindowExW(_a20, _a28 & 0x0000ffff, _a12, _a16,  *( *_t26),  *( *_t24 + 4),  *((intOrPtr*)( *_t21 + 8)) -  *((intOrPtr*)( *_t22)),  *((intOrPtr*)( *_t17 + 0xc)) -  *((intOrPtr*)( *_t18 + 4)), _a4, _a24, _t37, _a32);
						do {
						} while (0 != 0 || 0 != 0);
						return _v8;
					}
					return 0;
				}
				SetLastError(0xe);
				return 0;
			}







                                                                                                                                                                                0x004142f6
                                                                                                                                                                                0x004142f9
                                                                                                                                                                                0x004142f9
                                                                                                                                                                                0x00414310
                                                                                                                                                                                0x00414317
                                                                                                                                                                                0x0041432e
                                                                                                                                                                                0x00414347
                                                                                                                                                                                0x00414350
                                                                                                                                                                                0x00414360
                                                                                                                                                                                0x00414360
                                                                                                                                                                                0x00414367
                                                                                                                                                                                0x00414369
                                                                                                                                                                                0x00414369
                                                                                                                                                                                0x00414379
                                                                                                                                                                                0x00414387
                                                                                                                                                                                0x0041438a
                                                                                                                                                                                0x00414394
                                                                                                                                                                                0x00414397
                                                                                                                                                                                0x004143a0
                                                                                                                                                                                0x004143a7
                                                                                                                                                                                0x004143c4
                                                                                                                                                                                0x004143c7
                                                                                                                                                                                0x004143c7
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x004143cf
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00414330
                                                                                                                                                                                0x0041431b
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetLastError.KERNEL32(0000000E,00000000,00000000,?), ref: 0041431B
                                                                                                                                                                                • CreateWindowExW.USER32 ref: 004143BE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateErrorLastWindow
                                                                                                                                                                                • String ID: `;V
                                                                                                                                                                                • API String ID: 3732789607-153881035
                                                                                                                                                                                • Opcode ID: bc5481094147c5028f869b2af17f56e0ed4df777ac421fbe60ea03ec0394619d
                                                                                                                                                                                • Instruction ID: f4675ab21f95ec9b4676b29afb7d41b1f0b68bab34476891cf68291ecf48fe51
                                                                                                                                                                                • Opcode Fuzzy Hash: bc5481094147c5028f869b2af17f56e0ed4df777ac421fbe60ea03ec0394619d
                                                                                                                                                                                • Instruction Fuzzy Hash: F931E875600109ABCB04CFA9D890BEEB7B5FB98305F10C15AFD199B344D638E991CB68
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00414570, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E00414570(intOrPtr* __ecx, void* __edi, void* __esi, char _a4) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				void* _t85;
				void* _t86;

				_t86 = __esi;
				_t85 = __edi;
				_v20 = __ecx;
				if( *(_v20 + 4) !=  *(_v20 + 8)) {
					L17:
					_t38 =  &_a4; // 0x412f7d
					E004144E0(_v20,  *(_v20 + 4),  *_t38);
					 *(_v20 + 4) =  *(_v20 + 4) + 1;
					return 1;
				} else {
					goto L1;
				}
				do {
					L1:
					_t7 =  &_a4; // 0x412f7d
					if( *_t7 <  *_v20 || _a4 >=  *_v20 +  *(_v20 + 8) * 2) {
						_v24 = 1;
					} else {
						_v24 = 0;
					}
					_v16 = _v24;
					if(_v16 == 0) {
						E00417470(0x80004005);
					}
				} while (0 != 0);
				if( *(_v20 + 8) != 0) {
					_v28 =  *(_v20 + 4) << 1;
				} else {
					_v28 = 1;
				}
				_v12 = _v28;
				if(_v12 < 0 || _v12 > 0x3fffffff) {
					return 0;
				} else {
					_v8 = E00451CF3(_t85, _t86,  *_v20, _v12, 2);
					if(_v8 != 0) {
						 *(_v20 + 8) = _v12;
						 *_v20 = _v8;
						goto L17;
					}
					return 0;
				}
			}











                                                                                                                                                                                0x00414570
                                                                                                                                                                                0x00414570
                                                                                                                                                                                0x00414576
                                                                                                                                                                                0x00414585
                                                                                                                                                                                0x0041463a
                                                                                                                                                                                0x0041463a
                                                                                                                                                                                0x00414648
                                                                                                                                                                                0x00414659
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0041458b
                                                                                                                                                                                0x0041458b
                                                                                                                                                                                0x0041458e
                                                                                                                                                                                0x00414593
                                                                                                                                                                                0x004145b1
                                                                                                                                                                                0x004145a8
                                                                                                                                                                                0x004145a8
                                                                                                                                                                                0x004145a8
                                                                                                                                                                                0x004145bb
                                                                                                                                                                                0x004145c2
                                                                                                                                                                                0x004145c9
                                                                                                                                                                                0x004145c9
                                                                                                                                                                                0x004145ce
                                                                                                                                                                                0x004145d9
                                                                                                                                                                                0x004145ec
                                                                                                                                                                                0x004145db
                                                                                                                                                                                0x004145db
                                                                                                                                                                                0x004145db
                                                                                                                                                                                0x004145f2
                                                                                                                                                                                0x004145f9
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00414608
                                                                                                                                                                                0x0041461c
                                                                                                                                                                                0x00414623
                                                                                                                                                                                0x0041462f
                                                                                                                                                                                0x00414638
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00414638
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00414625

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __recalloc
                                                                                                                                                                                • String ID: }/A$}/A
                                                                                                                                                                                • API String ID: 492097735-3808699022
                                                                                                                                                                                • Opcode ID: ed2bd2c41bf67b89da7877967f424ab82685def55af695b61b3782420c1fa0cc
                                                                                                                                                                                • Instruction ID: 24197290a2c52d798ca412b7abbdb8b798166c6d33e6234649ae13cb00557ef3
                                                                                                                                                                                • Opcode Fuzzy Hash: ed2bd2c41bf67b89da7877967f424ab82685def55af695b61b3782420c1fa0cc
                                                                                                                                                                                • Instruction Fuzzy Hash: 9031EAB4A00219EFCB04DF94C580AEEB7B2FF89308F20855AD915AB351D739AD81CB94
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 004F16B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                			E004F16B0(intOrPtr __ecx) {
				int _v8;
				char _v16;
				char _v20;
				char _v24;
				char _v25;
				char _v32;
				char _v33;
				intOrPtr _v40;
				signed int _t28;
				void* _t39;
				void* _t41;
				struct HWND__* _t44;
				intOrPtr _t48;
				signed int _t71;

				_push(0xffffffff);
				_push(0x50c858);
				_push( *[fs:0x0]);
				_t28 =  *0x561244; // 0x554c9ad9
				_push(_t28 ^ _t71);
				 *[fs:0x0] =  &_v16;
				_v40 = __ecx;
				E00414C90();
				_v8 = 0;
				if((E004F06E0(_v40, L"setupProgress", E00434050( &_v24)) & 0x000000ff) != 0) {
					E00414C90();
					_v8 = 1;
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v40 + 0x5c))))))(_v40 + 0x5c, E00434050( &_v20));
					_t39 = E0041D530( &_v20);
					__eflags = _v40 + 0x84;
					_t41 = E0041D530(E00416210(_v40 + 0x84,  &_v32));
					E004E6ED0(E004049B0(), __eflags, _t41, _t39);
					_t44 =  *0x5bdd34; // 0x18021a
					PostMessageW(_t44, 0x402, 0, 0);
					_v33 = 1;
					_v8 = 0;
					E0040D320();
					_v8 = 0xffffffff;
					E0040D320();
					_t48 = _v33;
				} else {
					_v25 = 0;
					_v8 = 0xffffffff;
					E0040D320();
					_t48 = _v25;
				}
				 *[fs:0x0] = _v16;
				return _t48;
			}

















                                                                                                                                                                                0x004f16b3
                                                                                                                                                                                0x004f16b5
                                                                                                                                                                                0x004f16c0
                                                                                                                                                                                0x004f16c4
                                                                                                                                                                                0x004f16cb
                                                                                                                                                                                0x004f16cf
                                                                                                                                                                                0x004f16d5
                                                                                                                                                                                0x004f16db
                                                                                                                                                                                0x004f16e0
                                                                                                                                                                                0x004f1702
                                                                                                                                                                                0x004f1722
                                                                                                                                                                                0x004f1727
                                                                                                                                                                                0x004f1743
                                                                                                                                                                                0x004f1748
                                                                                                                                                                                0x004f1755
                                                                                                                                                                                0x004f1762
                                                                                                                                                                                0x004f176f
                                                                                                                                                                                0x004f177d
                                                                                                                                                                                0x004f1783
                                                                                                                                                                                0x004f1789
                                                                                                                                                                                0x004f178d
                                                                                                                                                                                0x004f1794
                                                                                                                                                                                0x004f1799
                                                                                                                                                                                0x004f17a3
                                                                                                                                                                                0x004f17a8
                                                                                                                                                                                0x004f1704
                                                                                                                                                                                0x004f1704
                                                                                                                                                                                0x004f1708
                                                                                                                                                                                0x004f1712
                                                                                                                                                                                0x004f1717
                                                                                                                                                                                0x004f1717
                                                                                                                                                                                0x004f17ae
                                                                                                                                                                                0x004f17b9

                                                                                                                                                                                APIs
                                                                                                                                                                                • _Immortalize.LIBCPMTD ref: 004F1768
                                                                                                                                                                                • PostMessageW.USER32(0018021A,00000402,00000000,00000000), ref: 004F1783
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ImmortalizeMessagePost
                                                                                                                                                                                • String ID: setupProgress
                                                                                                                                                                                • API String ID: 2625385972-2832641745
                                                                                                                                                                                • Opcode ID: 3416b2c64cff4d0a2fdd0e3e7097e33905e81d981fb11a63ee0862c9b060d800
                                                                                                                                                                                • Instruction ID: 5efc7772feee3f8601489b69cf35665293bf3e2b9feb4c2702f4ee32e789bbc5
                                                                                                                                                                                • Opcode Fuzzy Hash: 3416b2c64cff4d0a2fdd0e3e7097e33905e81d981fb11a63ee0862c9b060d800
                                                                                                                                                                                • Instruction Fuzzy Hash: 4D319170D00249ABCB08EFE5D952BFEB7B4AF14314F10419EE512772D1DB782A08CBA9
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0040D250, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                			E0040D250(intOrPtr __ebx, intOrPtr __ecx, WCHAR* __edx, intOrPtr __edi, intOrPtr __esi) {
				signed int _v8;
				short _v24;
				char _v28;
				intOrPtr _v32;
				signed int _t8;
				signed int _t14;
				intOrPtr _t18;
				intOrPtr _t26;
				intOrPtr _t27;
				signed int _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t18 = __ebx;
				_t8 =  *0x561244; // 0x554c9ad9
				_v8 = _t8 ^ _t28;
				_v32 = __ecx;
				if(GetClassNameW(E0041D530(E00416210(_v32,  &_v28)),  &_v24, 8) != 0) {
					_t25 =  &_v24;
					_t14 = lstrcmpW( &_v24, L"#32770");
					asm("sbb eax, eax");
					_t16 =  ~_t14 + 1;
				} else {
					_t16 = 0;
				}
				return E0044F6C8(_t16, _t18, _v8 ^ _t28, _t25, _t26, _t27);
			}













                                                                                                                                                                                0x0040d250
                                                                                                                                                                                0x0040d250
                                                                                                                                                                                0x0040d250
                                                                                                                                                                                0x0040d250
                                                                                                                                                                                0x0040d256
                                                                                                                                                                                0x0040d25d
                                                                                                                                                                                0x0040d260
                                                                                                                                                                                0x0040d285
                                                                                                                                                                                0x0040d290
                                                                                                                                                                                0x0040d294
                                                                                                                                                                                0x0040d29c
                                                                                                                                                                                0x0040d29e
                                                                                                                                                                                0x0040d287
                                                                                                                                                                                0x0040d287
                                                                                                                                                                                0x0040d287
                                                                                                                                                                                0x0040d2ae

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00416210: GetParent.USER32(-00000084), ref: 0041621D
                                                                                                                                                                                • GetClassNameW.USER32 ref: 0040D27D
                                                                                                                                                                                • lstrcmpW.KERNEL32(?,#32770), ref: 0040D294
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassNameParentlstrcmp
                                                                                                                                                                                • String ID: #32770
                                                                                                                                                                                • API String ID: 3513268407-463685578
                                                                                                                                                                                • Opcode ID: e2890b091a2eff4d2f0aae01bf3e70ddc12ed54ec836df256570ebb502a240df
                                                                                                                                                                                • Instruction ID: 1690f334c6585ecb6f88071bad41f21d97651b8226febb9f9509e1ae735e5502
                                                                                                                                                                                • Opcode Fuzzy Hash: e2890b091a2eff4d2f0aae01bf3e70ddc12ed54ec836df256570ebb502a240df
                                                                                                                                                                                • Instruction Fuzzy Hash: 4BF09030E00209ABDB00EFF5D9469FE77B8AB14304B50496EA406E7280FA38A9099B55
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0044F642, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                			E0044F642(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v0;
				signed int _v4;
				char _v20;
				char _v40;
				char _v80;
				void* _t37;
				signed int _t38;
				intOrPtr* _t42;
				void* _t55;
				void* _t59;
				void* _t61;

				_t56 = __edi;
				_t45 = __ebx;
				_push(0x44);
				E00456E7E(0x505398, __ebx, __edi, __esi);
				E004134D0( &_v40, "string too long");
				_v4 = _v4 & 0x00000000;
				E00413D50( &_v40);
				E00456A4C( &_v80, 0x544b50);
				asm("int3");
				_push(0x44);
				E00456E7E(0x505398, __ebx, __edi, __esi);
				E004134D0( &_v40, "invalid string position");
				_v4 = _v4 & 0x00000000;
				E00413210( &_v40);
				E00456A4C( &_v80, 0x544adc);
				asm("int3");
				_t61 = _t59;
				_push(_t61);
				while(1) {
					_t37 = E0044FBD9(_t45, _t55, _t56, _v0); // executed
					if(_t37 != 0) {
						break;
					}
					_t38 = E00456FFC(_v0);
					__eflags = _t38;
					if(_t38 == 0) {
						__eflags =  *0x5bc914 & 0x00000001;
						if(( *0x5bc914 & 0x00000001) == 0) {
							 *0x5bc914 =  *0x5bc914 | 0x00000001;
							__eflags =  *0x5bc914;
							E0044F754(0x5bc908);
							E0044FAE5( *0x5bc914, 0x51a041);
						}
						E00417C20(0x5bc908);
						E00456A4C( &_v20, 0x544b88);
						asm("int3");
						_t42 =  &_v20;
						 *(_t42 + 4) =  *(_t42 + 4) & 0x00000000;
						_t21 = _t42 + 8;
						 *_t21 =  *(_t42 + 8) & 0x00000000;
						__eflags =  *_t21;
						 *_t42 = 0x51bc00;
						return _t42;
					} else {
						continue;
					}
					L11:
				}
				return _t37;
				goto L11;
			}














                                                                                                                                                                                0x0044f642
                                                                                                                                                                                0x0044f642
                                                                                                                                                                                0x0044f642
                                                                                                                                                                                0x0044f649
                                                                                                                                                                                0x0044f656
                                                                                                                                                                                0x0044f65b
                                                                                                                                                                                0x0044f666
                                                                                                                                                                                0x0044f674
                                                                                                                                                                                0x0044f679
                                                                                                                                                                                0x0044f67a
                                                                                                                                                                                0x0044f681
                                                                                                                                                                                0x0044f68e
                                                                                                                                                                                0x0044f693
                                                                                                                                                                                0x0044f69e
                                                                                                                                                                                0x0044f6ac
                                                                                                                                                                                0x0044f6b1
                                                                                                                                                                                0x0044f6b7
                                                                                                                                                                                0x0044f771
                                                                                                                                                                                0x0044f786
                                                                                                                                                                                0x0044f789
                                                                                                                                                                                0x0044f791
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f77c
                                                                                                                                                                                0x0044f782
                                                                                                                                                                                0x0044f784
                                                                                                                                                                                0x0044f795
                                                                                                                                                                                0x0044f7a1
                                                                                                                                                                                0x0044f7a3
                                                                                                                                                                                0x0044f7a3
                                                                                                                                                                                0x0044f7ac
                                                                                                                                                                                0x0044f7b6
                                                                                                                                                                                0x0044f7bb
                                                                                                                                                                                0x0044f7c0
                                                                                                                                                                                0x0044f7ce
                                                                                                                                                                                0x0044f7d3
                                                                                                                                                                                0x0044f7d4
                                                                                                                                                                                0x0044f7d6
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7de
                                                                                                                                                                                0x0044f7e4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f784
                                                                                                                                                                                0x0044f794
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0044F649
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0044F674
                                                                                                                                                                                  • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                • API String ID: 1961742612-2556327735
                                                                                                                                                                                • Opcode ID: 0d2da4726461649e821c7cc043b2f499f67cff6a2130653a1fe2c0e11d901b1d
                                                                                                                                                                                • Instruction ID: 67ae62e1f2c81d8f8597e4a67a4f88d5809dd61757c1dccfe68e006e076641f1
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d2da4726461649e821c7cc043b2f499f67cff6a2130653a1fe2c0e11d901b1d
                                                                                                                                                                                • Instruction Fuzzy Hash: 93D0127195020897DB04EAD1CC52BDDB778BB1431EF40041AA60177086DBBC5648CB28
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0044F67A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                			E0044F67A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v0;
				signed int _v4;
				char _v20;
				char _v40;
				char _v80;
				void* _t24;
				signed int _t25;
				intOrPtr* _t29;
				void* _t40;
				void* _t44;
				void* _t46;

				_t41 = __edi;
				_t32 = __ebx;
				_push(0x44);
				E00456E7E(0x505398, __ebx, __edi, __esi);
				E004134D0( &_v40, "invalid string position");
				_v4 = _v4 & 0x00000000;
				E00413210( &_v40);
				E00456A4C( &_v80, 0x544adc);
				asm("int3");
				_t46 = _t44;
				_push(_t46);
				while(1) {
					_t24 = E0044FBD9(_t32, _t40, _t41, _v0); // executed
					if(_t24 != 0) {
						break;
					}
					_t25 = E00456FFC(_v0);
					__eflags = _t25;
					if(_t25 == 0) {
						__eflags =  *0x5bc914 & 0x00000001;
						if(( *0x5bc914 & 0x00000001) == 0) {
							 *0x5bc914 =  *0x5bc914 | 0x00000001;
							__eflags =  *0x5bc914;
							E0044F754(0x5bc908);
							E0044FAE5( *0x5bc914, 0x51a041);
						}
						E00417C20(0x5bc908);
						E00456A4C( &_v20, 0x544b88);
						asm("int3");
						_t29 =  &_v20;
						 *(_t29 + 4) =  *(_t29 + 4) & 0x00000000;
						_t15 = _t29 + 8;
						 *_t15 =  *(_t29 + 8) & 0x00000000;
						__eflags =  *_t15;
						 *_t29 = 0x51bc00;
						return _t29;
					} else {
						continue;
					}
					L10:
				}
				return _t24;
				goto L10;
			}














                                                                                                                                                                                0x0044f67a
                                                                                                                                                                                0x0044f67a
                                                                                                                                                                                0x0044f67a
                                                                                                                                                                                0x0044f681
                                                                                                                                                                                0x0044f68e
                                                                                                                                                                                0x0044f693
                                                                                                                                                                                0x0044f69e
                                                                                                                                                                                0x0044f6ac
                                                                                                                                                                                0x0044f6b1
                                                                                                                                                                                0x0044f6b7
                                                                                                                                                                                0x0044f771
                                                                                                                                                                                0x0044f786
                                                                                                                                                                                0x0044f789
                                                                                                                                                                                0x0044f791
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f77c
                                                                                                                                                                                0x0044f782
                                                                                                                                                                                0x0044f784
                                                                                                                                                                                0x0044f795
                                                                                                                                                                                0x0044f7a1
                                                                                                                                                                                0x0044f7a3
                                                                                                                                                                                0x0044f7a3
                                                                                                                                                                                0x0044f7ac
                                                                                                                                                                                0x0044f7b6
                                                                                                                                                                                0x0044f7bb
                                                                                                                                                                                0x0044f7c0
                                                                                                                                                                                0x0044f7ce
                                                                                                                                                                                0x0044f7d3
                                                                                                                                                                                0x0044f7d4
                                                                                                                                                                                0x0044f7d6
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7da
                                                                                                                                                                                0x0044f7de
                                                                                                                                                                                0x0044f7e4
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f784
                                                                                                                                                                                0x0044f794
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0044F681
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0044F6AC
                                                                                                                                                                                  • Part of subcall function 00456A4C: RaiseException.KERNEL32(?,?,00417495,?,?,?,?,?,00417495,?,00544A68,?), ref: 00456A8E
                                                                                                                                                                                Strings
                                                                                                                                                                                • invalid string position, xrefs: 0044F686
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                • API String ID: 1961742612-1799206989
                                                                                                                                                                                • Opcode ID: 41e8345944dceef866e9bcd104b2444109eab020c7f016eb326f7da1192036a1
                                                                                                                                                                                • Instruction ID: add6abddfee71d70b86efe27a181920542ec3159fd15ba36859697a7e8980588
                                                                                                                                                                                • Opcode Fuzzy Hash: 41e8345944dceef866e9bcd104b2444109eab020c7f016eb326f7da1192036a1
                                                                                                                                                                                • Instruction Fuzzy Hash: 55D012719402089BDB04EAD1CC42BDD7778BB1431AF40041AA50177086DBB95A48CA18
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 0044F341, Relevance: 5.1, APIs: 4, Instructions: 59memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                C-Code - Quality: 48%
                                                                                                                                                                                			E0044F341() {
				intOrPtr _t1;
				void* _t2;
				void* _t12;
				void* _t16;
				void* _t18;
				void* _t19;

				if( *0x5bc840 != 0 || E0044F1DA() != 0) {
					_t1 =  *0x5bc840; // 0x0
					if(_t1 != 1) {
						_t2 =  *0x5bc848(_t1);
						if(_t2 != 0) {
							return _t2;
						} else {
							_t18 = VirtualAlloc(0, 0x1000, 0x1000, 0x40);
							if(_t18 != 0) {
								_push( *0x5bc840);
								if( *0x5bc848() == 0) {
									_t16 = _t18;
									_t19 = _t18 + 0xff0;
									do {
										 *0x5bc844( *0x5bc840, _t16);
										_t16 = _t16 + 0x10;
									} while (_t16 < _t19);
									L13:
									return _t16;
								}
								VirtualFree(_t18, 0, 0x8000);
								goto L13;
							}
							goto L8;
						}
					} else {
						_t12 = HeapAlloc(GetProcessHeap(), 0, 0xd);
						if(_t12 == 0) {
							goto L8;
						} else {
							return _t12;
						}
					}
				} else {
					L8:
					return 0;
				}
			}









                                                                                                                                                                                0x0044f2a9
                                                                                                                                                                                0x0044f2b4
                                                                                                                                                                                0x0044f2bc
                                                                                                                                                                                0x0044f2d6
                                                                                                                                                                                0x0044f2de
                                                                                                                                                                                0x0044f340
                                                                                                                                                                                0x0044f2e0
                                                                                                                                                                                0x0044f2f1
                                                                                                                                                                                0x0044f2f5
                                                                                                                                                                                0x0044f2fe
                                                                                                                                                                                0x0044f30e
                                                                                                                                                                                0x0044f320
                                                                                                                                                                                0x0044f322
                                                                                                                                                                                0x0044f328
                                                                                                                                                                                0x0044f32f
                                                                                                                                                                                0x0044f335
                                                                                                                                                                                0x0044f338
                                                                                                                                                                                0x0044f33c
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f33e
                                                                                                                                                                                0x0044f318
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f318
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f2f5
                                                                                                                                                                                0x0044f2be
                                                                                                                                                                                0x0044f2c9
                                                                                                                                                                                0x0044f2d1
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x0044f2d4
                                                                                                                                                                                0x0044f2d4
                                                                                                                                                                                0x0044f2d4
                                                                                                                                                                                0x0044f2d1
                                                                                                                                                                                0x0044f2f7
                                                                                                                                                                                0x0044f2f7
                                                                                                                                                                                0x0044f2fa
                                                                                                                                                                                0x0044f2fa

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000000D,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F2C2
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F2C9
                                                                                                                                                                                  • Part of subcall function 0044F1DA: IsProcessorFeaturePresent.KERNEL32(0000000C,0044F2B0,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F1DC
                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F2EB
                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00416F18,?,00416F88,0000000D,?,?,?,?,00416CAE,00000000), ref: 0044F318
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.703432743.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000006.00000002.703415298.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.703833130.000000000051B000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704080761.0000000000561000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704096522.0000000000562000.00000008.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704252897.00000000005BB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704283548.00000000005C0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000006.00000002.704304939.00000000005C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_400000_Setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4058086966-0
                                                                                                                                                                                • Opcode ID: 16e7b19f690fbd505acd56a4ef34f332f60cb3ca9fddfb0f5a395bba0b016975
                                                                                                                                                                                • Instruction ID: bba78e7b3f5f76ffbaaea230f02ad9ca1bdd40546a675a28c4d26747fd10df00
                                                                                                                                                                                • Opcode Fuzzy Hash: 16e7b19f690fbd505acd56a4ef34f332f60cb3ca9fddfb0f5a395bba0b016975
                                                                                                                                                                                • Instruction Fuzzy Hash: E301F53524021167F7711B6CBC18F6B3AA5FBA0711F1602B2F904D72A0DB69EC4DA66C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Analysis Process: setup.exe PID: 5404 Parent PID: 1836 setup.exeCOMMON

                                                                                                                                                                                Callgraph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                • Opacity -> Relevance
                                                                                                                                                                                • Disassembly available
                                                                                                                                                                                callgraph 0 Function_00931000 3 Function_00931316 0->3 9 Function_0093117C 0->9 1 Function_009314F0 2 Function_00931460 4 Function_00931325 3->4 4->1 7 Function_009314F8 4->7 8 Function_0093150D 4->8 5 Function_009315EB 6 Function_009312F8 6->0 6->9 9->0 9->3

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 00931000, Relevance: 35.1, APIs: 13, Strings: 7, Instructions: 115filetimeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                			E00931000(char _a4, intOrPtr _a8) {
				signed int _v8;
				short _v528;
				short _v1048;
				struct _SYSTEMTIME _v1064;
				intOrPtr _v1068;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t30;
				WCHAR* _t31;
				intOrPtr _t35;
				int _t49;
				int _t51;
				int _t52;
				signed int _t58;
				signed int _t59;
				void* _t60;
				WCHAR* _t61;
				void* _t62;
				signed int _t63;

				_v8 =  *0x933004 ^ _t63;
				_v1068 = _a8;
				 *0x933048 = 0;
				_v528 = 0;
				 *0x933250 = 1;
				_t52 = 0; // executed
				__imp__SHGetFolderPathW(0, 0x10, 0, 0,  &_v528); // executed
				PathAddBackslashW( &_v528);
				_t30 =  &((GetCommandLineW())[1]);
				do {
					_t31 = StrStrIW(_t30, "log");
					if(_t31 == 0) {
						break;
					}
					_t58 =  *(_t31 - 2) & 0x0000ffff;
					if(_t58 == 0x2d || _t58 == 0x2f) {
						_t59 = _t31[3] & 0x0000ffff;
						if(_t59 == 0 || _t59 == 0x20) {
							_t52 = 1;
						}
					}
					_t30 =  &(_t31[3]);
				} while (_t52 == 0);
				_t61 = StrCpyW;
				_t62 = StrCatW;
				if(_t52 != 0) {
					L12:
					 *0x933254 = GetCurrentProcessId();
					StrCpyW(0x933048,  &_v528);
					_t35 = _v1068;
					_t61 = 0x933048;
					if(_t35 == 0) {
						_push(L"DesktopLog.txt");
					} else {
						_push(_t35);
					}
					StrCatW(_t61);
					if(_a4 != 0) {
						DeleteFileW(_t61);
					}
					GetSystemTime( &_v1064);
					_push(_v1064.wYear & 0x0000ffff);
					_push(_v1064.wMonth & 0x0000ffff);
					E0093117C(_t60, L"========== %02d/%02d/%d ==========", _v1064.wDay & 0x0000ffff);
					L18:
					return E00931316(_t52, _v8 ^ _t63, _t60, _t61, _t62);
				}
				StrCpyW( &_v1048,  &_v528);
				StrCatW( &_v1048, L"Methods.txt");
				_t49 = PathFileExistsW( &_v1048); // executed
				if(_t49 == 0) {
					goto L18;
				}
				_t51 = GetPrivateProfileIntW(L"config", L"desktop_logger", 0,  &_v1048);
				if(_t51 != 1) {
					goto L18;
				}
				_t52 = _t51;
				goto L12;
			}























                                                                                                                                                                                0x00931010
                                                                                                                                                                                0x00931018
                                                                                                                                                                                0x00931021
                                                                                                                                                                                0x00931029
                                                                                                                                                                                0x0093103c
                                                                                                                                                                                0x00931043
                                                                                                                                                                                0x00931045
                                                                                                                                                                                0x00931052
                                                                                                                                                                                0x0093105e
                                                                                                                                                                                0x00931061
                                                                                                                                                                                0x00931067
                                                                                                                                                                                0x0093106f
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00931071
                                                                                                                                                                                0x00931078
                                                                                                                                                                                0x0093107f
                                                                                                                                                                                0x00931086
                                                                                                                                                                                0x0093108d
                                                                                                                                                                                0x0093108d
                                                                                                                                                                                0x00931086
                                                                                                                                                                                0x0093108f
                                                                                                                                                                                0x00931092
                                                                                                                                                                                0x00931096
                                                                                                                                                                                0x0093109c
                                                                                                                                                                                0x009310a4
                                                                                                                                                                                0x009310f9
                                                                                                                                                                                0x009310ff
                                                                                                                                                                                0x00931110
                                                                                                                                                                                0x00931112
                                                                                                                                                                                0x00931118
                                                                                                                                                                                0x0093111f
                                                                                                                                                                                0x00931124
                                                                                                                                                                                0x00931121
                                                                                                                                                                                0x00931121
                                                                                                                                                                                0x00931121
                                                                                                                                                                                0x0093112a
                                                                                                                                                                                0x00931130
                                                                                                                                                                                0x00931133
                                                                                                                                                                                0x00931133
                                                                                                                                                                                0x00931140
                                                                                                                                                                                0x00931154
                                                                                                                                                                                0x00931155
                                                                                                                                                                                0x00931163
                                                                                                                                                                                0x0093116b
                                                                                                                                                                                0x0093117b
                                                                                                                                                                                0x0093117b
                                                                                                                                                                                0x009310b4
                                                                                                                                                                                0x009310c2
                                                                                                                                                                                0x009310cb
                                                                                                                                                                                0x009310d3
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x009310ec
                                                                                                                                                                                0x009310f5
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x00000000
                                                                                                                                                                                0x009310f7
                                                                                                                                                                                0x00000000

                                                                                                                                                                                APIs
                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000010,00000000,00000000,?), ref: 00931045
                                                                                                                                                                                • PathAddBackslashW.SHLWAPI(?), ref: 00931052
                                                                                                                                                                                • GetCommandLineW.KERNEL32 ref: 00931058
                                                                                                                                                                                • StrStrIW.SHLWAPI(-00000002,log), ref: 00931067
                                                                                                                                                                                • StrCpyW.SHLWAPI(?,?), ref: 009310B4
                                                                                                                                                                                • StrCatW.SHLWAPI(?,Methods.txt), ref: 009310C2
                                                                                                                                                                                • PathFileExistsW.KERNELBASE(?), ref: 009310CB
                                                                                                                                                                                • GetPrivateProfileIntW.KERNEL32 ref: 009310EC
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 009310F9
                                                                                                                                                                                • StrCpyW.SHLWAPI(00933048,?), ref: 00931110
                                                                                                                                                                                • StrCatW.SHLWAPI(00933048,DesktopLog.txt), ref: 0093112A
                                                                                                                                                                                • DeleteFileW.KERNEL32(00933048), ref: 00931133
                                                                                                                                                                                • GetSystemTime.KERNEL32(?), ref: 00931140
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000008.00000002.699377070.0000000000931000.00000020.00020000.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                • Associated: 00000008.00000002.699369360.0000000000930000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000008.00000002.699385840.0000000000932000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000008.00000002.699393778.0000000000935000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_8_2_930000_setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path$File$BackslashCommandCurrentDeleteExistsFolderLinePrivateProcessProfileSystemTime
                                                                                                                                                                                • String ID: 6$u$========== %02d/%02d/%d ==========$DesktopLog.txt$Methods.txt$config$desktop_logger$log
                                                                                                                                                                                • API String ID: 1913489333-4091287083
                                                                                                                                                                                • Opcode ID: 5fa12b973a90ce5d00fe7db8d0340e186faf7738e96a04db8a710463cf750af8
                                                                                                                                                                                • Instruction ID: 45dc44e1ae1a5c30e06edffa902bf48caaab28cb4121a85a640b1e5da0371b54
                                                                                                                                                                                • Opcode Fuzzy Hash: 5fa12b973a90ce5d00fe7db8d0340e186faf7738e96a04db8a710463cf750af8
                                                                                                                                                                                • Instruction Fuzzy Hash: EE41A2B1A54218AADB289B64DC89BFA73FCEF48701F004096F505D3161D7749AC8DF34
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 0093117C, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 122filestringtimeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                			E0093117C(void* __edx, WCHAR* _a4, void _a8) {
				signed int _v8;
				short _v2056;
				struct _SYSTEMTIME _v2072;
				void _v2076;
				long _v2080;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t60;
				void* _t63;
				signed int _t67;
				void* _t72;
				void* _t73;
				void* _t75;
				signed int _t77;
				void* _t82;

				_t72 = __edx;
				_v8 =  *0x933004 ^ _t77;
				_t76 = 0;
				if( *0x933250 == 0) {
					E00931000(0, 0);
				}
				if( *0x933048 != _t76) {
					_push(_t73);
					_t82 = _a4 - _t76;
					if(_t82 == 0) {
						DeleteFileW(0x933048);
					}
					_push(_t60);
					_t29 = PathFileExistsW(0x933048);
					_push(_t76);
					_push(0x80);
					_t67 = 0;
					asm("sbb bl, bl");
					_t63 =  ~_t29 + 1;
					_t75 = CreateFileW(0x933048, 4, _t76, _t76, (_t67 & 0xffffff00 | _t82 == 0x00000000) + 2, ??, ??);
					if(_t75 != 0xffffffff) {
						_v2080 = _t76;
						if(_t63 != 0) {
							_v2076 = 0xfeff;
							WriteFile(_t75,  &_v2076, 2,  &_v2080, _t76);
						}
						if(_a4 != _t76) {
							GetSystemTime( &_v2072);
							wnsprintfW( &_v2056, 0x400, L"%02d:%02d:%02d (%u)", _v2072.wHour & 0x0000ffff, _v2072.wMinute & 0x0000ffff, _v2072.wSecond & 0x0000ffff,  *0x933254);
							_t76 = lstrlenW;
							WriteFile(_t75,  &_v2056, lstrlenW( &_v2056) + _t40,  &_v2080, lstrlenW);
							wvnsprintfW( &_v2056, 0x400, _a4,  &_a8);
							StrCatW( &_v2056, L"\r\n");
							WriteFile(_t75,  &_v2056, lstrlenW( &_v2056) + _t51,  &_v2080, 0);
						}
						CloseHandle(_t75);
					}
					_pop(_t60);
					_pop(_t73);
				}
				return E00931316(_t60, _v8 ^ _t77, _t72, _t73, _t76);
			}




















                                                                                                                                                                                0x0093117c
                                                                                                                                                                                0x0093118c
                                                                                                                                                                                0x00931190
                                                                                                                                                                                0x00931199
                                                                                                                                                                                0x0093119d
                                                                                                                                                                                0x009311a3
                                                                                                                                                                                0x009311ab
                                                                                                                                                                                0x009311b1
                                                                                                                                                                                0x009311b7
                                                                                                                                                                                0x009311ba
                                                                                                                                                                                0x009311bd
                                                                                                                                                                                0x009311bd
                                                                                                                                                                                0x009311c3
                                                                                                                                                                                0x009311c5
                                                                                                                                                                                0x009311cb
                                                                                                                                                                                0x009311cc
                                                                                                                                                                                0x009311d5
                                                                                                                                                                                0x009311d8
                                                                                                                                                                                0x009311da
                                                                                                                                                                                0x009311ee
                                                                                                                                                                                0x009311f3
                                                                                                                                                                                0x00931201
                                                                                                                                                                                0x00931207
                                                                                                                                                                                0x0093121b
                                                                                                                                                                                0x00931224
                                                                                                                                                                                0x00931224
                                                                                                                                                                                0x00931229
                                                                                                                                                                                0x00931236
                                                                                                                                                                                0x0093126b
                                                                                                                                                                                0x0093127b
                                                                                                                                                                                0x00931296
                                                                                                                                                                                0x009312ab
                                                                                                                                                                                0x009312bd
                                                                                                                                                                                0x009312e0
                                                                                                                                                                                0x009312e0
                                                                                                                                                                                0x009312e3
                                                                                                                                                                                0x009312e3
                                                                                                                                                                                0x009312e9
                                                                                                                                                                                0x009312ea
                                                                                                                                                                                0x009312ea
                                                                                                                                                                                0x009312f7

                                                                                                                                                                                APIs
                                                                                                                                                                                • DeleteFileW.KERNEL32(00933048,00933048,76574770), ref: 009311BD
                                                                                                                                                                                • PathFileExistsW.SHLWAPI(00933048,00000000,00933048,76574770), ref: 009311C5
                                                                                                                                                                                • CreateFileW.KERNEL32(00933048,00000004,00000000,00000000,-00000002,00000080,00000000), ref: 009311E8
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000002,?,00000000), ref: 00931224
                                                                                                                                                                                • GetSystemTime.KERNEL32(?), ref: 00931236
                                                                                                                                                                                • wnsprintfW.SHLWAPI ref: 0093126B
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,00000000), ref: 00931289
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000), ref: 00931296
                                                                                                                                                                                • wvnsprintfW.SHLWAPI(?,00000400,?,?), ref: 009312AB
                                                                                                                                                                                • StrCatW.SHLWAPI(?,00932588), ref: 009312BD
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,00000000), ref: 009312D3
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000), ref: 009312E0
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009312E3
                                                                                                                                                                                  • Part of subcall function 00931000: SHGetFolderPathW.SHELL32(00000000,00000010,00000000,00000000,?), ref: 00931045
                                                                                                                                                                                  • Part of subcall function 00931000: PathAddBackslashW.SHLWAPI(?), ref: 00931052
                                                                                                                                                                                  • Part of subcall function 00931000: GetCommandLineW.KERNEL32 ref: 00931058
                                                                                                                                                                                  • Part of subcall function 00931000: StrStrIW.SHLWAPI(-00000002,log), ref: 00931067
                                                                                                                                                                                  • Part of subcall function 00931000: StrCpyW.SHLWAPI(?,?), ref: 009310B4
                                                                                                                                                                                  • Part of subcall function 00931000: StrCatW.SHLWAPI(?,Methods.txt), ref: 009310C2
                                                                                                                                                                                  • Part of subcall function 00931000: PathFileExistsW.KERNELBASE(?), ref: 009310CB
                                                                                                                                                                                  • Part of subcall function 00931000: GetPrivateProfileIntW.KERNEL32 ref: 009310EC
                                                                                                                                                                                  • Part of subcall function 00931000: GetCurrentProcessId.KERNEL32 ref: 009310F9
                                                                                                                                                                                  • Part of subcall function 00931000: StrCpyW.SHLWAPI(00933048,?), ref: 00931110
                                                                                                                                                                                  • Part of subcall function 00931000: StrCatW.SHLWAPI(00933048,DesktopLog.txt), ref: 0093112A
                                                                                                                                                                                  • Part of subcall function 00931000: DeleteFileW.KERNEL32(00933048), ref: 00931133
                                                                                                                                                                                  • Part of subcall function 00931000: GetSystemTime.KERNEL32(?), ref: 00931140
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000008.00000002.699377070.0000000000931000.00000020.00020000.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                                                • Associated: 00000008.00000002.699369360.0000000000930000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000008.00000002.699385840.0000000000932000.00000002.00020000.sdmp Download File
                                                                                                                                                                                • Associated: 00000008.00000002.699393778.0000000000935000.00000002.00020000.sdmp Download File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_8_2_930000_setup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Path$Write$DeleteExistsSystemTimelstrlen$BackslashCloseCommandCreateCurrentFolderHandleLinePrivateProcessProfilewnsprintfwvnsprintf
                                                                                                                                                                                • String ID: %02d:%02d:%02d (%u)
                                                                                                                                                                                • API String ID: 3690871510-1485570179
                                                                                                                                                                                • Opcode ID: e654597abd44409c64df9429698960f5b2379302ecac22e706654d563beb20a0
                                                                                                                                                                                • Instruction ID: a0f1152b4c41e1fbec4787ed244206ad589eb10c54f9402094ed04c8b7044394
                                                                                                                                                                                • Opcode Fuzzy Hash: e654597abd44409c64df9429698960f5b2379302ecac22e706654d563beb20a0
                                                                                                                                                                                • Instruction Fuzzy Hash: FD41627294412CAADB259BA0DD85FEB77FCFF08700F048096F645D2050DB349A8ADFA4
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%